DevOps Pulse

GitHub shipped critical RCE vulnerability patches (CVE-2026-3854)

after researchers exposed how a single git push could compromise millions of repositories, while 88% of Enterprise instances remain vulnerable requiring immediate upgrades. GitProtect dominates DevOps backup conversations as the only solution covering 15+ platforms with on-premise deployment, directly threatening Veeam's market position. EU organizations scramble to meet NIS2/DORA compliance deadlines facing €10 million penalties, creating urgent demand for automated backup solutions. Private equity circles Commvault after 30% stock decline, signaling consolidation opportunities in the fragmented data protection market.

Signals
33
Sections
5/5
Threats
9
Fresh
14
Updated
62d ago
Show

DevOps Platform Updates

scanned 62d ago8

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

Critical GitHub RCE Vulnerability CVE-2026-3854 Disclosed

Wiz researchers discovered a critical remote code execution vulnerability in GitHub's git infrastructure that could be exploited with a single git push command. The flaw (CVSS 8.7) affects GitHub.com and GitHub Enterprise Server, potentially compromising millions of repositories. GitHub patched github.com within 2 hours of disclosure on March 4, 2026. Enterprise customers must upgrade to GHES 3.19.3+ immediately as 88% of instances remain vulnerable.

githubThe Hacker News·29 AprNEW

GitLab 18.11 Extends AI Agent Platform with Security Analytics

GitLab released version 18.11 expanding agentic AI across the software lifecycle with automated security remediation, pipeline setup, and delivery analytics. The Duo Agent Platform reached general availability in January 2026, enabling multi-agent workflow orchestration and custom agents for Enterprise customers. This positions GitLab as an AI orchestration plane where humans and agents share delivery responsibility.

gitlabGitLab Investor Relations·15 Apr

Azure DevOps Server Critical Group Membership Bug Patched

Microsoft released patches for Azure DevOps Server after identifying an issue that could cause group memberships to become deactivated in certain scenarios. The bug affected installations prior to March 13, 2026 re-published release. A mitigation SQL script was provided for affected environments while Microsoft worked on permanent fixes. Migration tools for Azure DevOps Server 25H2 remain unpublished.

azure-devopsMicrosoft DevOps Blog·13 Mar

Bitbucket API Deprecation Breaks Azure DevOps Integration

Bitbucket deprecated APIs (CHANGE-2770) causing Microsoft Azure DevOps integrations to fail with 403 errors. Users cannot set up new Bitbucket connections in Azure DevOps due to Microsoft using deprecated APIs. Microsoft deployed a hotfix for App Service Bitbucket integration on April 8, but broader Azure DevOps pipeline integration issues persist. Organizations may need to move away from Azure DevOps if not resolved.

bitbucketMicrosoft Q&A·7 AprRecent

Atlassian Jira Backup Manager API Deprecated March 30

Atlassian deprecated the v1 Backup Manager APIs effective March 30, 2026, removing automated backup creation capabilities for Standard plan customers. The enhanced backup and restore system is limited to Enterprise plans during rollout. Standard customers can only create manual backups through the UI, forcing many to upgrade or seek alternative backup solutions for compliance requirements.

jiraAtlassian Community·30 Mar

Black Duck Polaris Platform Enhances DevSecOps SCM Integration

Black Duck announced enhanced Polaris Platform integrations across GitHub, GitLab, Azure DevOps, and Bitbucket for unified application security. New features include automated repository onboarding, continuous monitoring, event-based scanning, and AI-powered security insights through Black Duck Signal. The platform addresses the explosion of AI-generated code and distributed development environments requiring better security coverage.

azure-devopsPR Newswire·12 Feb

Atlassian SCIM API Keys to Expire Between May 2026-2027

Atlassian will set expiry dates for existing SCIM API keys generated before January 1, 2025, with expiration between May 1, 2026 and May 1, 2027. The change encourages key rotation to reduce security risks of leaked or stolen keys. Organizations using identity providers for user provisioning to Atlassian must monitor for expiration notifications and plan key renewal processes.

jiraAtlassian Cloud Documentation·2 Feb

GitHub Actions Introduces Agentic Workflows Preview

GitHub announced Agentic Workflows in technical preview for February 2026, allowing developers to describe automation goals in natural language Markdown files instead of writing YAML. AI agents like GitHub Copilot execute workflows in sandboxed containers for automated issue triage, PR review, CI failure diagnosis, and repository maintenance. This represents a significant shift toward AI-native DevOps automation.

githubToolradar·28 AprNEW