DevOps Platform Updates
scanned 74d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitLab 18.11 Launches AI Security Remediation Agent
GitLab released version 18.11 with Agentic SAST Vulnerability Resolution, now generally available for Ultimate customers. The AI agent analyzes vulnerabilities, generates code fixes, and creates ready-to-merge requests with confidence scores. Also introduces CI Expert Agent and Data Analyst Agent for pipeline setup and delivery analytics.
GitHub Expands Secret Scanning with 28 New Detectors
GitHub shipped 28 new secret detectors across 15 providers, expanded push protection to 39 token types, and added AI password detection. The update includes base64-encoded secret detection and enhanced metadata for leaked secrets including owner names and expiry dates.
Azure DevOps Introduces Standalone Security Products
Microsoft announced GitHub Secret Protection and GitHub Code Security as standalone products for Azure DevOps, replacing the bundled Advanced Security offering. New PAT creation restriction policy is now in public preview, allowing administrators to control who can generate personal access tokens.
Azure DevOps Deprecates CodeQL Autobuild Task
Microsoft deprecated the AdvancedSecurity-Codeql-Autobuild task in favor of buildless scanning with buildtype: none. The change simplifies pipeline configuration while maintaining analysis coverage. Autobuild task will be completely removed by March 1, 2026.
GitLab AI Gateway Critical Security Patch Released
GitLab released critical security patches for versions 18.6.2, 18.7.1, and 18.8.1 addressing a CVSS 9.9 vulnerability in the Duo Workflow Service component. The flaw allowed insecure template expansion of user data via crafted Duo Agent Platform Flow definitions.
Atlassian Confluence Command Injection Vulnerability
Security advisory for CVE-2025-64756, a high-severity OS Command Injection vulnerability affecting Confluence Data Center and Server. Allows authenticated attackers to gain access and execute arbitrary commands on target systems.
Bitbucket OAuth and API Changes Coming May 2026
Bitbucket Cloud will stop issuing refresh tokens for client credentials grant flow on May 4, 2026. Personal workspace OAuth consumers will be restricted to accessing data only within the owning workspace. Cross-workspace APIs sunset moved to April 14, 2026.