DevOps Platform Updates
scanned 57d ago6Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
Microsoft Agent 365 Runtime Protection Public Preview
Microsoft unveiled Agent 365 Runtime Protection alongside enhanced AI-code scanning in GitHub Advanced Security on April 30, 2026. This addresses security threats from autonomous software agents with runtime protection layers and AI Data Security Investigations in Microsoft Purview. The updates target the growing threat of malicious or misbehaving autonomous software agents affecting DevOps workflows.
GitHub CVE-2026-3854 Remote Code Execution Vulnerability
GitHub fixed a high-severity remote code execution flaw (CVE-2026-3854) tied to crafted git push requests. An authenticated user with push access could achieve arbitrary code execution, potentially accessing repositories of other users on affected shared storage nodes. The vulnerability was disclosed by Wiz researchers on March 4, with no evidence of abuse found.
GitHub Actions 2026 Security Roadmap
GitHub announced a comprehensive security transformation for Actions, introducing deterministic workflow dependencies, centralized execution policies, and enhanced secret management. The roadmap focuses on secure-by-default automation with dependencies locked to commit SHAs and policy-based controls for workflow execution to combat supply chain attacks.
Azure IaaS Security Model 2026 Updates
Microsoft released new Azure IaaS security guidance emphasizing defense-in-depth with Secure by Default principles. Key changes include mandatory customer-managed encryption keys, Azure AD workload identity for SQL authentication, and immutable golden images updated through Azure Compute Gallery with security validations in Azure DevOps pipelines.
Microsoft Defender for Cloud Storage Malware Remediation GA
Microsoft Defender for Cloud's automated malware remediation for storage is now generally available. The feature automatically soft-deletes malicious blobs detected during malware scanning, with quarantine and recovery options. This addresses increasing security threats to DevOps data protection workflows.
Atlassian SCIM API Key Expiration Policy
Starting April 28, 2025, Atlassian will set existing SCIM API keys to expire between May 1, 2026 and May 1, 2027. This affects identity providers provisioning users with SCIM to Atlassian organizations including Jira, Confluence, and Bitbucket. The change aims to encourage key rotation and reduce security risks from leaked credentials.