DevOps Pulse

A critical Microsoft GitHub repository vulnerability

allows unprivileged attackers to execute arbitrary code and steal CI/CD secrets, while GitHub shipped AI workflow security fixes to prevent supply chain attacks. GitProtect launched first-ever GitHub Enterprise Cloud Data Residency backup support, positioning ahead of all competitors in regulated industries. AI-generated code vulnerabilities surged to 92% of codebases containing critical flaws, with 42% of all code now AI-generated, creating urgent demand for specialized DevOps backup solutions.

Signals
29
Sections
5/5
Threats
6
Fresh
11
Updated
66d ago
Show

DevOps Platform Updates

scanned 67d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Agentic Workflows Deploy Security Supply Chain Fix

GitHub's Agentic Workflows introduced working-tree sanitization to eliminate supply chain attack vectors in AI agent workflows. The update scans and cleans cached memory before agent runs, addressing a critical security gap that allows malicious executable injection. This security enhancement ships alongside new pre-agent steps configuration for authenticated workflows.

githubGitHub Agentic Workflows Blog·20 AprRecent

GitLab 18.11 Launches AI Security Remediation Agents

GitLab releases Agentic SAST Vulnerability Resolution for automated security fixes, CI Expert Agent for pipeline setup, and Data Analyst Agent for delivery analytics. The AI agents analyze confirmed vulnerabilities and generate ready-to-merge code fixes with confidence scores. New GitLab Credits spending caps provide cost controls for enterprise AI adoption.

gitlabGitLab Press Release·16 AprRecent

GitHub Secret Scanning Expands to 39 Token Types

GitHub shipped 28 new secret detectors across 15 providers and expanded push protection to 39 token types including AWS, Databricks, and Netflix. Secret scanning now includes AI password detection and extended metadata with owner details and expiry dates. GitHub unbundled Advanced Security into standalone $19/month Secret Protection pricing.

githubBuild MVP Fast·16 Mar

Atlassian Enables Default AI Data Collection Across Tiers

Starting August 17, 2026, Atlassian will collect customer metadata and in-app content from Jira and Confluence to train AI features. Free and Standard tier users cannot opt out of metadata collection, while Enterprise users retain full opt-out control. Data undergoes de-identification and aggregation with 7-year retention periods.

confluenceSecurity Online·21 AprNEW

Critical Microsoft GitHub Repository Vulnerability Exposed

Tenable discovered a critical vulnerability in a Microsoft GitHub repository with 5,000 forks and 7,700 stars, allowing unprivileged attackers to execute arbitrary code in CI/CD workflows. The flaw enables exfiltration of workflow secrets and unauthorized repository operations, highlighting supply chain risks in popular open source projects.

githubDevOps.com·21 AprNEW

Azure DevOps Server Patches Authentication and Security Issues

Microsoft released April patches for Azure DevOps Server addressing pull request completion failures and improving sign-out validation to prevent malicious redirects. The update fixes PAT connections to GitHub Enterprise Server and resolves critical Azure DevOps Server 25H2 team/group behavior issues. Visual Studio 2026 pipeline support planned for Q3.

azure-devopsAzure DevOps Blog·8 Apr

Atlassian Confluence Launches AI Agent Ecosystem

Atlassian released Remix in open beta for transforming Confluence pages into visual formats and launched MCP-powered partner agents for Lovable, Replit, and Gamma. The agents convert documentation into working prototypes, applications, and presentations without manual integration. Setup requires only enabling MCP servers in Atlassian Administration.

confluenceBusiness Wire·8 Apr