DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub AI-Powered Bug Detection Enters Public Preview
GitHub Code Security adopts hybrid AI and CodeQL scanning to expand vulnerability coverage beyond traditional static analysis. New system covers Shell/Bash, Dockerfiles, Terraform, and PHP ecosystems. Expected to enter public preview in early Q2 2026.
NHS Closes GitHub Repos Over AI Security Concerns
UK's NHS orders GitHub repositories to be switched from public to private by May 11 due to concerns about advanced AI models like Anthropic's Mythos. Decision addresses risks of AI-powered code analysis and vulnerability discovery capabilities.
GitLab Agentic SAST Vulnerability Resolution GA
GitLab 18.11 introduces autonomous vulnerability remediation with AI agents that analyze security context and generate validated fixes. Two new foundational agents for CI and analytics added to GitLab Duo Agent Platform with budget controls.
GitLab Security Update Patches High-Severity Flaws
GitLab releases versions 18.10.3, 18.9.5, 18.8.9 addressing CVE-2026-5173, a WebSocket vulnerability rated CVSS 8.5. Patch resolves 12 vulnerabilities including DoS issues in Terraform API and GraphQL. Self-managed instances require immediate upgrade.
Atlassian Outage Impacts Multiple DevOps Platforms
May 8 incident affected Bitbucket, Jira, and Confluence with elevated error rates and degraded performance. Service fully restored May 8, 19:45 UTC. Additional outage on May 14 affected authentication and product access across Atlassian ecosystem.
Azure DevOps Server Patches Critical Security Issues
Azure DevOps Server Patch 1 released addressing URL redirection vulnerability and PAT abuse in EndpointProxy API. Fixes TLS certificate issue in SQL Server upgrades and web test run problems. March 13 re-published release resolves group membership deactivation bug.
Bitbucket OAuth 2.0 Authentication Changes Enforced
Enforcement of OAuth 2.0 and API authentication changes for Bitbucket Cloud began May 4, 2026. Updates eliminate insecure patterns, align with OAuth 2.0 specifications, and improve backend reliability. Affects integration security and token management.