DevOps Pulse

GitLab shipped AI Security Remediation Agent with auto-generated code fixes for vulnerabilities while GitHub expanded secret scanning with 28 new detectors, accelerating security automation across DevOps platforms. AI-powered bots like 'hackerbot-claw' are now harvesting credentials from CI/CD pipelines at scale, with 45% of AI-generated code shipping vulnerabilities to production. GitProtect launched GitHub Enterprise Cloud with Data Residency support, becoming the first backup solution for regulated environments and directly threatening Veeam's enterprise positioning. The PM team should prioritize AI security and regulated cloud backup capabilities to counter GitProtect's advance.


DevOps Platform Updates


Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitLab 18.11 Launches AI Security Remediation Agent

GitLab released version 18.11 with Agentic SAST Vulnerability Resolution, now generally available for Ultimate customers. The AI agent analyzes vulnerabilities, generates code fixes, and creates ready-to-merge requests with confidence scores. The release also introduces the CI Expert Agent and Data Analyst Agent for pipeline setup and delivery analytics.

gitlab · Yahoo Finance · 16 Apr · NEW

GitHub Expands Secret Scanning with 28 New Detectors

GitHub shipped 28 new secret detectors across 15 providers, expanded push protection to 39 token types, and added AI password detection. The update includes base64-encoded secret detection and enhanced metadata for leaked secrets including owner names and expiry dates.

github · BuildMVPFast · 16 Mar

Azure DevOps Introduces Standalone Security Products

Microsoft announced GitHub Secret Protection and GitHub Code Security as standalone products for Azure DevOps, replacing the bundled Advanced Security offering. A new PAT creation restriction policy is now in public preview, allowing administrators to control who can generate personal access tokens.

azure-devops · Microsoft Learn · 16 Jun

Azure DevOps Deprecates CodeQL Autobuild Task

Microsoft deprecated the AdvancedSecurity-Codeql-Autobuild task in favor of buildless scanning with buildtype: none. The change simplifies pipeline configuration while maintaining analysis coverage. The Autobuild task will be completely removed by March 1, 2026.

azure-devops · Microsoft Learn · 27 Jan

GitLab AI Gateway Critical Security Patch Released

GitLab released critical security patches for versions 18.6.2, 18.7.1, and 18.8.1 addressing a CVSS 9.9 vulnerability in the Duo Workflow Service component. The flaw allowed insecure template expansion of user data via crafted Duo Agent Platform Flow definitions.

gitlab · GitLab Blog · 6 Feb

Atlassian Confluence Command Injection Vulnerability

Security advisory for CVE-2025-64756, a high-severity OS Command Injection vulnerability affecting Confluence Data Center and Server. It allows authenticated attackers to gain access and execute arbitrary commands on target systems.

confluence · UC Berkeley ISO · 17 Mar

Bitbucket OAuth and API Changes Coming May 2026

Bitbucket Cloud will stop issuing refresh tokens for the client credentials grant flow on May 4, 2026. Personal workspace OAuth consumers will be restricted to accessing data only within the owning workspace. The cross-workspace APIs sunset has moved to April 14, 2026.

bitbucket · Atlassian Developer · 5 Mar