DevOps Pulse

Quasar Linux RAT specifically targets DevOps credentials, including GitHub CLI tokens, npm credentials, and Kubernetes configs, exposing developer infrastructure to complete compromise. GitLab 18.11 shipped agentic security remediation that automatically generates code fixes and opens merge requests for SAST findings, accelerating AI-driven security workflows. A critical GitHub vulnerability, CVE-2026-3854, enables authenticated RCE via git push, while GitProtect launched Azure DevOps backup support with data residency compliance, directly competing in Veeam's DevOps protection market. The PM team should prioritize a competitive response to GitProtect's feature expansion and assess the impact of agentic security workflows on backup requirements.

Signals: 28 · Sections: 5/5 · Threats: 8 · Fresh: 17 · Updated: 50d ago

DevOps Platform Updates

scanned 51d ago · 8

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitLab 18.11 Adds Agentic Security Remediation and Pipeline Setup

GitLab released version 18.11 with new automated security vulnerability remediation that generates code fixes for SAST findings and opens merge requests automatically. The release also includes a CI Expert Agent for rapid pipeline setup and a Data Analyst Agent for delivery analytics. These agents have access to existing GitLab code, pipelines, issues, and security findings to provide contextual automation.

gitlab · Business Wire · 16 Apr

GitHub Copilot Gets Enhanced Security Metrics and CLI Updates

GitHub enhanced Copilot's usage metrics API to break down code review suggestions by security categories like bug_risk and security comments. Copilot CLI received improvements for multi-account switching and direct user prompt handling. CodeQL 2.25.3 was released with Swift 6.3 support and five new C/C++ security queries for better vulnerability detection.

github · Releasebot · 9 May · Recent

Atlassian Launches Country-Based IP Allowlist Policies

Atlassian introduced country-based IP allowlist policies for enhanced security across Jira, Confluence, Analytics, Compass, and Rovo. Organizations can now restrict access by geographic location in addition to IP addresses. The System Health dashboard is now generally available for all cloud plans, providing personalized monitoring of app status and incidents.

jira · Atlassian Cloud · 4 May · Recent

Azure DevOps Server Patches Group Membership Deactivation Issue

Microsoft released Azure DevOps Server Patch 2 to resolve a critical issue that could cause group memberships to become deactivated under certain conditions. The patch also includes new REST API endpoints for automating GitHub repository management with increased limits (500 to 2,000 repositories per connection). Enhanced submodule navigation now supports Azure Repos, GitHub, GitLab, and Bitbucket.

azure-devops · Microsoft Learn · 13 Mar

Quasar Linux RAT Targets DevOps Credential Harvesting

Security researchers discovered a new Linux malware called Quasar Linux RAT (QLNX) specifically targeting developer systems and DevOps credentials. The malware extracts secrets from npm tokens, PyPI credentials, Git credentials, AWS credentials, Kubernetes configs, Docker configs, Vault tokens, Terraform credentials, and GitHub CLI tokens. Compromised assets could allow attackers to push malicious packages or access cloud infrastructure.

github · The Hacker News · 8 May · Recent

GitLab Introduces SAST False Positive Detection with AI

GitLab released AI-powered SAST false positive detection that automatically analyzes vulnerabilities to determine the likelihood that they are false positives. The feature provides confidence scores, contextual explanations, and visual indicators in vulnerability reports. This aims to reduce developer fatigue from security noise while maintaining focus on real threats. Available for GitLab Duo subscribers.

gitlab · Releasebot · 4 May · Recent

GitHub Copilot Data Usage Policy Updated for Individual Users

GitHub updated its Copilot interaction data policy, allowing usage data from individual subscribers (Free, Pro, Pro+) to be used for AI training by default starting April 24, 2026. Users can opt out through account settings. Enterprise and Business tier data remains protected and is not used for training. The change aims to improve AI models using real-world development patterns.

github · GitHub Features · 24 Apr

Datadog Report: 87% Run Software with Known Exploitable Vulnerabilities

Datadog's State of DevSecOps Report 2026 reveals 87% of organizations are running software with known exploitable vulnerabilities. Only 18% of 'critical' vulnerabilities remain critical when runtime context is applied. The report highlights the gap between vulnerability alerts and actual business risk, emphasizing the need for AI-assisted workflows to prioritize real threats over security noise.

gitlab · Datadog · 26 Feb