DevOps Platform Updates
scanned 67d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Agentic Workflows Deploy Security Supply Chain Fix
GitHub's Agentic Workflows introduced working-tree sanitization to eliminate supply chain attack vectors in AI agent workflows. The update scans and cleans cached memory before agent runs, addressing a critical security gap that allows malicious executable injection. This security enhancement ships alongside new pre-agent steps configuration for authenticated workflows.
GitLab 18.11 Launches AI Security Remediation Agents
GitLab releases Agentic SAST Vulnerability Resolution for automated security fixes, CI Expert Agent for pipeline setup, and Data Analyst Agent for delivery analytics. The AI agents analyze confirmed vulnerabilities and generate ready-to-merge code fixes with confidence scores. New GitLab Credits spending caps provide cost controls for enterprise AI adoption.
GitHub Secret Scanning Expands to 39 Token Types
GitHub shipped 28 new secret detectors across 15 providers and expanded push protection to 39 token types including AWS, Databricks, and Netflix. Secret scanning now includes AI password detection and extended metadata with owner details and expiry dates. GitHub unbundled Advanced Security into standalone $19/month Secret Protection pricing.
Atlassian Enables Default AI Data Collection Across Tiers
Starting August 17, 2026, Atlassian will collect customer metadata and in-app content from Jira and Confluence to train AI features. Free and Standard tier users cannot opt out of metadata collection, while Enterprise users retain full opt-out control. Data undergoes de-identification and aggregation with 7-year retention periods.
Critical Microsoft GitHub Repository Vulnerability Exposed
Tenable discovered a critical vulnerability in a Microsoft GitHub repository with 5,000 forks and 7,700 stars, allowing unprivileged attackers to execute arbitrary code in CI/CD workflows. The flaw enables exfiltration of workflow secrets and unauthorized repository operations, highlighting supply chain risks in popular open source projects.
Azure DevOps Server Patches Authentication and Security Issues
Microsoft released April patches for Azure DevOps Server addressing pull request completion failures and improving sign-out validation to prevent malicious redirects. The update fixes PAT connections to GitHub Enterprise Server and resolves critical Azure DevOps Server 25H2 team/group behavior issues. Visual Studio 2026 pipeline support planned for Q3.
Atlassian Confluence Launches AI Agent Ecosystem
Atlassian released Remix in open beta for transforming Confluence pages into visual formats and launched MCP-powered partner agents for Lovable, Replit, and Gamma. The agents convert documentation into working prototypes, applications, and presentations without manual integration. Setup requires only enabling MCP servers in Atlassian Administration.