DevOps Pulse

GitLab patched CVE-2026-5173

a high-severity websocket vulnerability (CVSS 8.5) that allows authenticated attackers to bypass access controls, while GitHub strengthened secret scanning with expanded pattern detection for major cloud providers. GitProtect launched granular Jira backup and Azure DevOps Artifacts protection, directly challenging Veeam's DevOps backup positioning with deeper Atlassian and Microsoft integration. Reddit discussions highlight critical data protection gaps including accidental GitHub account deletions causing total project loss and 17,000 exposed secrets in GitLab repositories.

Signals
29
Sections
5/5
Threats
8
Fresh
14
Updated
75d ago
Show

DevOps Platform Updates

scanned 76d ago8

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Secret Scanning Pattern Updates and Product Improvements

GitHub rolled out major secret scanning improvements including new Cloudflare detectors, expanded push protection defaults for Figma, GCP, Langchain, OpenVSX, and PostHog patterns. Added enterprise API for listing dismissal requests across all orgs and team/topic filters for secret scanning campaigns. These updates strengthen detection coverage, APIs, and workflows for enterprise security teams.

githubGitHub Blog·14 AprRecent

GitHub Deployment Context in Repository Properties and Alerts

GitHub introduced deployment context visibility in repository properties and security alerts. New built-in properties 'deployable' and 'deployed' are now available to filter repositories and apply policies based on deployment context. Dependabot and code scanning alerts now show runtime risk context directly on alert pages for better prioritization.

githubGitHub Blog·14 AprRecent

GitLab Security Update Fixes High-Severity CVE-2026-5173 Vulnerability

GitLab released critical security patches addressing CVE-2026-5173, a high-severity websocket vulnerability (CVSS 8.5) that could allow authenticated attackers to bypass access controls and invoke unintended server-side methods. Additional vulnerabilities patched include GraphQL SBOM API issues and multiple medium-severity flaws affecting code quality reports and AI detection APIs.

gitlabGitLab Releases·8 Apr

GitHub Security Tab Renamed to 'Security & Quality'

GitHub restructured security navigation by renaming the Security tab to 'Security & quality' across repositories, organizations, and enterprises. The change collocates code quality findings alongside security alerts for unified triage. Repository sidebar updates include new 'Findings' and 'Code quality' sections while maintaining backward compatibility for URLs and APIs.

githubGitHub Blog·2 Apr

Bitbucket Issues and Wikis Sunset Timeline Begins

Atlassian announced the sunset of native Bitbucket Issues and Wikis features. Starting April 2026, these features will no longer be available for new repositories. Existing Issues and Wikis will be fully removed by mid-August 2026. The change aims to improve performance and bring Bitbucket onto the unified Atlassian platform with unified billing and Rovo integration.

bitbucketAtlassian Community·19 Feb

Atlassian Connect Platform App Updates Discontinued

Partners and developers can no longer update existing Jira or Confluence apps using Connect descriptors on the Atlassian Marketplace. Private apps can now only be installed via Forge installation links. This milestone aligns with the timeline for ending Connect platform support, requiring migration to Forge for continued app updates and distribution.

confluenceAtlassian Developer Changelog·12 AprRecent

Azure DevOps Server Patch Addresses Group Membership Issues

Microsoft released Azure DevOps Server Patch 2 addressing issues introduced in the original release that could cause group memberships to become deactivated under certain conditions. The patch applies to customers who installed Azure DevOps Server prior to the March 13, 2026 re-published release and completes remediation for previously applied mitigations.

azure-devopsMicrosoft Learn·15 AprNEW

GitHub Copilot in Security Assessments Now Available

Organization admins and security managers can now access Copilot experiences directly from security risk assessment results to get contextual explanations and guided next steps. This integration brings AI-powered assistance to both secret risk assessments and Code Security risk assessments for improved security workflow efficiency.

githubGitHub Blog·9 Apr