DevOps Pulse

GitHub patched a critical RCE vulnerability (CVE-2026-3854) discovered through AI-powered reverse engineering

while GitLab and Azure DevOps released security updates addressing high-severity flaws including websocket vulnerabilities and PAT abuse. Reddit discussions reveal GitHub's 90-day repository deletion policy is causing irreversible data loss for developers, with one user losing a 50-star repository. GitProtect launched comprehensive cross-platform DevOps backup and migration capabilities covering GitHub, GitLab, Bitbucket, and Azure DevOps, directly targeting Veeam's DevOps ambitions with disaster recovery features.

Signals
29
Sections
5/5
Threats
8
Fresh
10
Updated
42d ago
Show

DevOps Platform Updates

scanned 42d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub AI-Powered Bug Detection Enters Public Preview

GitHub Code Security adopts hybrid AI and CodeQL scanning to expand vulnerability coverage beyond traditional static analysis. New system covers Shell/Bash, Dockerfiles, Terraform, and PHP ecosystems. Expected to enter public preview in early Q2 2026.

githubBleepingComputer·25 Mar

NHS Closes GitHub Repos Over AI Security Concerns

UK's NHS orders GitHub repositories to be set from public to private by May 11 due to concerns about advanced AI models like Anthropic's Mythos. Decision addresses risks of AI-powered code analysis and vulnerability discovery capabilities.

githubThe Register·5 MayRecent

GitLab Agentic SAST Vulnerability Resolution GA

GitLab 18.11 introduces autonomous vulnerability remediation with AI agents that analyze security context and generate validated fixes. Two new foundational agents for CI and analytics added to GitLab Duo Agent Platform with budget controls.

gitlabGitLab Releases·16 Apr

GitLab Security Update Patches High-Severity Flaws

GitLab releases versions 18.10.3, 18.9.5, 18.8.9 addressing CVE-2026-5173 websocket vulnerability with CVSS 8.5. Patch resolves 12 vulnerabilities including DoS issues in Terraform API and GraphQL. Self-managed instances require immediate upgrade.

gitlabThe Cyber Express·10 Apr

Atlassian Outage Impacts Multiple DevOps Platforms

May 8 incident affected Bitbucket, Jira, and Confluence with elevated error rates and degraded performance. Service fully restored May 8, 19:45 UTC. Additional outage on May 14 affected authentication and product access across Atlassian ecosystem.

bitbucketAtlassian Bitbucket Status·14 MayNEW

Azure DevOps Server Patches Critical Security Issues

Azure DevOps Server Patch 1 released addressing URL redirection vulnerability and PAT abuse in EndpointProxy API. Fixes TLS certificate issue in SQL Server upgrades and web test run problems. March 13 re-published release resolves group membership deactivation bug.

azure-devopsMicrosoft Learn·14 MayNEW

Bitbucket OAuth 2.0 Authentication Changes Enforced

OAuth 2.0 and API authentication changes for Bitbucket Cloud began enforcing May 4, 2026. Updates eliminate insecure patterns, align with OAuth 2.0 specifications, and improve backend reliability. Affects integration security and token management.

bitbucketAtlassian Developer Community·9 Feb