DevOps Pulse

Atlassian published 39 high-severity vulnerabilities and 3 critical third-party flaws affecting Jira, Confluence, and Bitbucket yesterday, while GitLab patched 25 vulnerabilities including XSS and DoS attacks requiring immediate updates. GitProtect's DevOps threat report reveals AI integration expands attack surfaces with malicious prompt injections and credential leaks, citing a 107% surge in enterprise vulnerabilities. Azure DevOps strengthened PAT security by preventing expired token modifications and eliminating global PATs by December 2026.

DevOps Platform Updates

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Actions 2026 Security Roadmap Released

GitHub published its comprehensive 2026 security roadmap for Actions, introducing deterministic dependency locking, enterprise-grade egress controls, and centralized policy enforcement. The roadmap targets supply chain attacks with secure-by-default behavior and workflow execution protections. Public preview features launch within 3-6 months.

github · GitHub Blog · 30 Mar

GitLab 18.11 Agentic SAST Vulnerability Resolution GA

GitLab released version 18.11 with Agentic SAST Vulnerability Resolution reaching general availability. The update includes CI Expert Agent, Analytics Expert Agent, and budget guardrails for GitLab Credits. False positive detection for SAST vulnerabilities is now available using AI analysis.

gitlab · GitLab Releases · 16 Apr

Critical GitLab Security Vulnerabilities Patched

GitLab released emergency security updates on May 13, 2026, addressing multiple high-severity flaws including XSS vulnerabilities and unauthenticated DoS attacks. The patches fix 25 distinct vulnerabilities affecting CI/CD pipelines and developer sessions, requiring immediate updates for self-hosted instances.

gitlab · CyberSecurity News · 13 May · Recent

Azure DevOps Personal Access Token Security Enhancement

Azure DevOps implemented critical security changes preventing expired PATs from being modified or extended. The update enforces true token lifetimes and reduces credential theft risks. Global PATs will be decommissioned on December 1, 2026, pushing organizations toward scoped authentication.

azure-devops · Microsoft DevBlogs · 31 Mar

Azure DevOps GitHub Integration Security Update

Azure DevOps upgraded GitHub integration REST APIs to use GitHub App OAuth tokens instead of classic OAuth tokens for enhanced security. Users will need to re-authenticate once to complete the migration, which enables automatic token refresh and eliminates manual reauthorization needs.

azure-devops · Microsoft DevBlogs · 15 May · Recent

Atlassian Security Bulletin May 19 2026

Atlassian published its latest security bulletin addressing 39 high-severity vulnerabilities and 3 critical-severity third-party vulnerabilities across Jira, Confluence, and Bitbucket. The bulletin provides detailed vulnerability information and fixed version recommendations for Data Center products.

confluence · Atlassian Support · 19 May · NEW

DevOps AI Security Report Reveals Expanded Attack Surface

GitProtect's 2026 DevOps Threat Report reveals that AI integration into DevOps platforms significantly expands attack surfaces. New threats include malicious prompt injections, remote code execution, and credential leaks. The report emphasizes the need for sophisticated defenses in AI-powered environments.

github · Help Net Security · 20 May · NEW

Atlassian Guard Premium IP Allowlist Updates

Atlassian rolled out enhanced IP allowlist policies supporting country-based access restrictions across Jira, Confluence, and other products. The update strengthens security controls for enterprise organizations and supports compliance requirements with geographic access limitations.

jira · Atlassian Cloud · 4 May