DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitLab 18.11 Adds Agentic Security Remediation and Pipeline Setup
GitLab released version 18.11 with new automated security vulnerability remediation that generates code fixes for SAST findings and opens merge requests automatically. The release also includes a CI Expert Agent for rapid pipeline setup and a Data Analyst Agent for delivery analytics. These agents have access to existing GitLab code, pipelines, issues, and security findings to provide contextual automation.
GitHub Copilot Gets Enhanced Security Metrics and CLI Updates
GitHub enhanced Copilot's usage metrics API to break down code review suggestions by security categories like bug_risk and security comments. Copilot CLI received improvements for multi-account switching and direct user prompt handling. CodeQL 2.25.3 was released with Swift 6.3 support and five new C/C++ security queries for better vulnerability detection.
Atlassian Launches Country-Based IP Allowlist Policies
Atlassian introduced country-based IP allowlist policies for enhanced security across Jira, Confluence, Analytics, Compass, and Rovo. Organizations can now restrict access by geographic location in addition to IP addresses. The System Health dashboard is now generally available for all cloud plans, providing personalized monitoring of app status and incidents.
Azure DevOps Server Patches Group Membership Deactivation Issue
Microsoft released Azure DevOps Server Patch 2 to resolve a critical issue that could cause group memberships to become deactivated under certain conditions. The patch also includes new REST API endpoints for automating GitHub repository management with increased limits (500 to 2,000 repositories per connection). Enhanced submodule navigation now supports Azure Repos, GitHub, GitLab, and Bitbucket.
Quasar Linux RAT Targets DevOps Credential Harvesting
Security researchers discovered new Linux malware called Quasar Linux RAT (QLNX) that specifically targets developer systems and DevOps credentials. The malware extracts secrets including npm tokens, PyPI credentials, Git credentials, AWS credentials, Kubernetes configs, Docker configs, Vault tokens, Terraform credentials, and GitHub CLI tokens. Compromised assets could allow attackers to push malicious packages or access cloud infrastructure.
GitLab Introduces SAST False Positive Detection with AI
GitLab released AI-powered SAST false positive detection that automatically analyzes vulnerabilities to determine the likelihood that they are false positives. The feature provides confidence scores, contextual explanations, and visual indicators in vulnerability reports. This aims to reduce developer fatigue from security noise while maintaining focus on real threats. It is available for GitLab Duo subscribers.
GitHub Copilot Data Usage Policy Updated for Individual Users
GitHub updated its Copilot interaction data policy, allowing usage data from individual subscribers (Free, Pro, Pro+) to be used for AI training by default starting April 24, 2026. Users can opt out through account settings. Enterprise and Business tier data remains protected and is not used for training. The change aims to improve AI models using real-world development patterns.
Datadog Report: 87% Run Software with Known Exploitable Vulnerabilities
Datadog's State of DevSecOps Report 2026 reveals that 87% of organizations are running software with known exploitable vulnerabilities. Only 18% of 'critical' vulnerabilities remain critical when runtime context is applied. The report highlights the gap between vulnerability alerts and actual business risk, emphasizing the need for AI-assisted workflows to prioritize real threats over security noise.