DevOps Pulse

Atlassian published 32 security patches for critical vulnerabilities across DevOps platforms including Bamboo

Bitbucket, Confluence, and Jira, demanding immediate patching. GitProtect achieved first-to-market GitHub Enterprise Cloud Data Residency backup support, directly targeting Veeam's regulated industry customers while Rubrik launched AI-powered natural language recovery commands. Reddit communities reveal widespread panic over DORA/NIS2 compliance gaps with fines up to €10M driving urgent backup vendor evaluation.

Signals
34
Sections
5/5
Threats
7
Fresh
15
Updated
69d ago
Show

DevOps Platform Updates

scanned 69d ago8

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

Atlassian Security Bulletin Addresses Critical Vulnerabilities

Atlassian published a comprehensive security bulletin on April 21, 2026, addressing vulnerabilities across multiple products including Bamboo, Bitbucket, Confluence, and Jira. The bulletin includes 32 security patches for critical and high-severity vulnerabilities, with most affecting third-party dependencies. This impacts DevOps data protection as teams need immediate patches.

confluenceAtlassian Security Advisory·21 AprNEW

GitHub Actions Adds OIDC Custom Properties and VNET Failover

GitHub updated Actions with new security features including OIDC custom properties as claims for granular trust policies and Azure private networking VNET failover capabilities. The update also includes service container entrypoint overrides. These changes enhance DevOps security and infrastructure resilience for enterprise workflows.

githubGitHub Changelog·20 AprRecent

Vercel Security Incident Exposes DevOps Supply Chain Risks

On April 19, 2026, Vercel disclosed a security breach originating from a compromised AI tool Context.ai that spread through Google Workspace OAuth to internal systems and customer environment variables. This highlights new attack vectors in DevOps through SaaS tool supply chains rather than traditional code dependencies.

githubDevOps Daily·19 AprRecent

GitLab Patches High-Severity Websocket Vulnerability CVE-2026-5173

GitLab released versions 18.10.3, 18.9.5, and 18.8.9 addressing CVE-2026-5173, a high-severity vulnerability with CVSS score 8.5 affecting websocket connections. The flaw allows authenticated attackers to bypass access controls and invoke unintended server-side methods. Immediate updates recommended for all self-managed installations.

gitlabGitLab Release Notes·8 Apr

GitHub Secret Scanning Expands with 28 New Patterns

GitHub deployed 28 new secret detection patterns across 15 providers in April 2026, expanding push protection to 39 token types by default. Notable additions include Cloudflare, Vercel (6 types), and improved enterprise API controls for secret scanning campaigns. This strengthens DevOps security against credential leaks.

githubGitHub Changelog·14 Apr

Bitbucket OAuth Security Changes Take Effect May 2026

Bitbucket Cloud announces OAuth 2.0 migration completion with brownout beginning in April 2026. OAuth 1.0 and implicit grants will be fully disabled on March 14, 2026. Client credentials grants will stop issuing refresh tokens on May 4, 2026 to improve security alignment with RFC standards.

bitbucketBitbucket Cloud Changelog·12 Apr

GitHub Reorganizes Security Tab to Include Code Quality

GitHub renamed the Security tab to 'Security & quality' across repositories, organizations, and enterprises to colocate code quality findings with security alerts. This change supports the upcoming GitHub Code Quality general availability and provides unified triage for all code-related issues in one place.

githubGitHub Changelog·2 Apr

AWS DevOps and Security Agents Reach General Availability

AWS announced general availability of DevOps Agent and Security Agent on April 6, 2026. These frontier agents work autonomously across multiple steps to investigate incidents, reduce resolution time, and prevent issues. Major customers like United Airlines and T-Mobile are already using these agents to accelerate incident response.

azure-devopsAWS Blog·6 Apr