DevOps Platform Updates
scanned 72d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Launches AI-Agent Security Game for Vulnerability Testing
GitHub released Season 4 of its Secure Code Game featuring ProdBot, a deliberately vulnerable AI coding assistant designed to teach developers how to identify and exploit agentic AI security risks. The game addresses real-world vulnerabilities like CVE-2026-25253 ('ClawBleed'), reflecting actual security threats as organizations deploy autonomous AI systems into production.
GitHub Enhances Secret Scanning with AI-Detected Patterns and Enterprise APIs
GitHub upgraded secret scanning with AI-powered generic secret detection now appearing in scan history APIs, new enterprise dismissal request endpoints, and expanded push protection defaults for Figma, GCP, Langchain, OpenVSX, and PostHog patterns. Custom pattern alerts can now be manually marked as active or inactive through the API.
AI Supply Chain Attack Targets GitHub Repositories with 475 Malicious Pull Requests
Security researchers identified an AI-assisted supply chain attack called 'prt-scan' that deployed over 475 malicious pull requests targeting misconfigured GitHub repositories. The attack used AI to exploit open-source projects by stealing credentials and compromising sensitive data through automated malicious payloads.
Azure DevOps Fixes Bitbucket Integration After API Deprecation
Microsoft resolved Azure DevOps integration issues with Bitbucket following API deprecation by Atlassian. A service-side problem was identified on April 8 related to deprecated Bitbucket APIs, with a hotfix deployed to restore App Service Bitbucket integration functionality.
Black Duck Expands Security Platform Across All Major DevOps SCMs
Black Duck announced enhanced Polaris Platform integrations with unified coverage across GitHub, GitLab, Azure DevOps, and Bitbucket. The platform provides automated security scanning with instant onboarding for thousands of repositories, continuous monitoring of repository changes, and triggers for pull request security scans.
Atlassian Extends Data Export Restrictions to File Downloads
Atlassian expanded its data security policies to block downloading of files attached to Confluence and Jira pages. The change affects organizations with existing data export restrictions and requires Atlassian Guard Standard. Users will no longer see download buttons in attachment lists, macros, and file previews.
Atlassian Enhances Cloud Connectors with OAuth 2.0 Security
Atlassian introduced enhanced cloud connectors for linking Data Center and cloud environments through Admin Hub. The connectors support Rovo and Portfolio insights with OAuth 2.0 authentication for secure data flows between Jira Data Center 11.3+ and Confluence Data Center 10.2+.