DevOps Platform Updates
scanned 76d ago8Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Secret Scanning Pattern Updates and Product Improvements
GitHub rolled out major secret scanning improvements including new Cloudflare detectors, expanded push protection defaults for Figma, GCP, Langchain, OpenVSX, and PostHog patterns. Added enterprise API for listing dismissal requests across all orgs and team/topic filters for secret scanning campaigns. These updates strengthen detection coverage, APIs, and workflows for enterprise security teams.
GitHub Deployment Context in Repository Properties and Alerts
GitHub introduced deployment context visibility in repository properties and security alerts. New built-in properties 'deployable' and 'deployed' are now available to filter repositories and apply policies based on deployment context. Dependabot and code scanning alerts now show runtime risk context directly on alert pages for better prioritization.
GitLab Security Update Fixes High-Severity CVE-2026-5173 Vulnerability
GitLab released critical security patches addressing CVE-2026-5173, a high-severity websocket vulnerability (CVSS 8.5) that could allow authenticated attackers to bypass access controls and invoke unintended server-side methods. Additional vulnerabilities patched include GraphQL SBOM API issues and multiple medium-severity flaws affecting code quality reports and AI detection APIs.
GitHub Security Tab Renamed to 'Security & Quality'
GitHub restructured security navigation by renaming the Security tab to 'Security & quality' across repositories, organizations, and enterprises. The change collocates code quality findings alongside security alerts for unified triage. Repository sidebar updates include new 'Findings' and 'Code quality' sections while maintaining backward compatibility for URLs and APIs.
Bitbucket Issues and Wikis Sunset Timeline Begins
Atlassian announced the sunset of native Bitbucket Issues and Wikis features. Starting April 2026, these features will no longer be available for new repositories. Existing Issues and Wikis will be fully removed by mid-August 2026. The change aims to improve performance and bring Bitbucket onto the unified Atlassian platform with unified billing and Rovo integration.
Atlassian Connect Platform App Updates Discontinued
Partners and developers can no longer update existing Jira or Confluence apps using Connect descriptors on the Atlassian Marketplace. Private apps can now only be installed via Forge installation links. This milestone aligns with the timeline for ending Connect platform support, requiring migration to Forge for continued app updates and distribution.
Azure DevOps Server Patch Addresses Group Membership Issues
Microsoft released Azure DevOps Server Patch 2 addressing issues introduced in the original release that could cause group memberships to become deactivated under certain conditions. The patch applies to customers who installed Azure DevOps Server prior to the March 13, 2026 re-published release and completes remediation for previously applied mitigations.
GitHub Copilot in Security Assessments Now Available
Organization admins and security managers can now access Copilot experiences directly from security risk assessment results to get contextual explanations and guided next steps. This integration brings AI-powered assistance to both secret risk assessments and Code Security risk assessments for improved security workflow efficiency.