DevOps Platform Updates
scanned 68d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
Critical Microsoft GitHub Flaw Exposes CI/CD Pipelines
Tenable discovered a critical vulnerability in a popular Microsoft GitHub repository that allows attackers to execute remote code and access secrets in GitHub workflows. The flaw highlights growing security risks in CI/CD pipelines as development becomes more automated.
Atlassian Security Bulletin Addresses 31 High-Severity Vulnerabilities
Atlassian's April 21 security bulletin fixes 31 high-severity vulnerabilities and 7 critical third-party flaws across Jira, Confluence, and Bitbucket platforms. The bulletin emphasizes the importance of patching to latest versions for comprehensive security coverage.
Atlassian AI Policy Changes for Jira and Confluence
Effective August 2026, Atlassian will use customer data from Jira and Confluence to train AI models. Lower-tier subscriptions cannot opt out, while Enterprise customers retain withdrawal rights. The policy affects approximately 300,000 clients and raises data protection concerns.
GitHub Agentic Workflows Platform Ships Security Fixes
GitHub's Agentic Workflows platform released five updates between April 13-17, introducing security improvements including working-tree sanitization to prevent supply chain attacks. The updates also added new AI engine capabilities and pre-agent authentication steps.
GitLab 18.11 Expands Agentic AI for Security Remediation
GitLab released version 18.11 with enhanced agentic AI capabilities for security vulnerability resolution, CI pipeline automation, and delivery analytics. The update addresses the AI Paradox where code generation outpaces security and operations workflows.
Bitbucket OAuth Security Updates Enforce May 2026
Bitbucket Cloud will enforce OAuth authentication changes on May 4, 2026, restricting client credentials grants and eliminating refresh tokens to improve security. The updates align with OAuth standards and reduce long-lived token risks.
Azure DevOps Standalone Security Products Now Available
Microsoft unbundled GitHub Advanced Security for Azure DevOps into standalone products: Secret Protection ($19/month) and Code Security. This provides more flexible security options for DevOps teams while maintaining enterprise-grade protection capabilities.