DevOps Platform Updates
scanned 58d ago6Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
Microsoft Agent 365 Runtime Protection for AI Agents
Microsoft released Agent 365 Runtime Protection on April 30, 2026, providing security controls for AI agents across the ecosystem. The announcement includes GitHub Advanced Security AI-code scanning enhancements and Microsoft Purview AI Data Security Investigations to address threats from autonomous software agents. This responds to growing enterprise adoption of AI agents and upcoming EU AI Act requirements.
GitHub Enterprise Server Critical RCE Vulnerability
CVE-2026-3854, a critical vulnerability discovered using AI-assisted reverse engineering, allows authenticated users to execute arbitrary commands on GitHub's backend servers via git push injection. This high-severity flaw (CVSS 8.7) affects GitHub Enterprise Server and has been patched, marking one of the first critical vulnerabilities found in closed-source binaries using AI tooling.
GitHub AI-Powered Security Detections Launch
GitHub introduced AI-powered security detections in GitHub Code Security to expand vulnerability coverage across more languages and frameworks including Shell/Bash, Dockerfiles, Terraform, and PHP. The feature complements CodeQL static analysis and shows 80% positive developer feedback in internal testing. Public preview planned for early Q2 2026.
GitLab Security Update Fixes High-Severity Websocket Vulnerability
GitLab released emergency security patches for versions 18.10.3, 18.9.5, 18.8.9 addressing CVE-2026-5173, a high-severity websocket vulnerability (CVSS 8.5) that allows authenticated attackers to bypass access controls. The update also patches 11 additional vulnerabilities including DoS issues in Terraform and GraphQL APIs.
Bitbucket OAuth Authentication Breaking Changes
Atlassian enforces OAuth and token-authentication changes for Bitbucket Cloud on May 4, 2026. Client credentials grants will no longer issue refresh tokens, and personal workspace OAuth consumers will be restricted to owning workspace data only. These changes align with OAuth standards and improve security but may break existing integrations.
Azure DevOps Bitbucket Integration Broken by API Deprecation
Azure DevOps users report widespread failures connecting to Bitbucket Cloud due to Microsoft's continued reliance on deprecated Atlassian 'hooks & services' APIs. Users facing service disruption are being forced to migrate away from Azure DevOps or implement manual workarounds. Microsoft has not provided an ETA for updating to newer Bitbucket APIs.