DevOps Pulse

GitLab 19.0 launched with AI-powered secrets manager and security features

addressing critical gaps as the Megalodon attack compromised 5,561 GitHub repos through malicious CI/CD workflows. GitProtect expanded DevOps backup coverage across all platforms, directly challenging Veeam's target market while Azure DevOps suffered multiple global outages exposing enterprise backup gaps. The PM team should prioritize competitive response to GitProtect's comprehensive platform coverage and accelerate DevOps backup solutions addressing AI agent governance requirements revealed by widespread supply chain attacks.

Signals
31
Sections
5/5
Threats
7
Fresh
13
Updated
37d ago
Show

DevOps Platform Updates

scanned 38d ago6

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitLab 19.0 Launches Secrets Manager and AI Security Features

GitLab released version 19.0 with a public beta of GitLab Secrets Manager for Premium/Ultimate users, enabling centralized credential storage with audit trails. The update also introduces AI-powered false positive detection for SAST vulnerabilities, expanded Developer Flow for merge requests, and enhanced dependency scanning with software bill of materials for supply chain oversight.

gitlabSecurityBrief Asia·22 MayNEW

Atlassian Security Bulletin: 39 High-Severity Vulnerabilities Fixed

Atlassian published its May 19, 2026 Security Bulletin addressing 39 high-severity vulnerabilities and 3 critical third-party vulnerabilities across Jira, Confluence, Bitbucket Data Center, and other products. The bulletin includes fixed versions for all affected products and emphasizes the need for organizations to upgrade to latest versions for comprehensive security coverage.

jiraAtlassian Support Documentation·19 MayRecent

Microsoft May 2026 Patches Include Azure DevOps Critical Vulnerability

Microsoft's May 2026 Patch Tuesday includes CVE-2026-42826, a critical information disclosure vulnerability in Azure DevOps with a CVSS score of 10.0. The vulnerability allows unauthenticated remote attackers to access sensitive information over networks. The update also addresses 130 total vulnerabilities across Microsoft's enterprise cloud services and development platforms.

azure-devopsCrowdStrike·14 MayRecent

GitHub Actions 2026 Security Roadmap: Secure-by-Default CI/CD

GitHub announced its 2026 security roadmap for Actions, introducing workflow execution protections built on rulesets framework. The roadmap shifts toward secure-by-default automation with centralized policies controlling actor permissions, event restrictions, and supply chain protections. Key features include evaluate mode for policy testing and enhanced secrets scoping across organization levels.

githubGitHub Blog·30 Mar

GitHub Agentic Workflows Security Architecture Deep Dive

GitHub detailed its defense-in-depth security architecture for agentic AI workflows in CI/CD pipelines, emphasizing isolation, constrained execution, and comprehensive auditability. The design addresses risks like prompt injection and privilege escalation through sandboxed environments, restricted permissions, and full execution traceability to safely integrate autonomous AI agents into development workflows.

githubGitHub Blog·9 Mar

Azure DevOps Server Security Patches Released May 2026

Microsoft released new security patches for Azure DevOps Server self-hosted deployments on May 14, 2026, strongly recommending all customers upgrade to the latest secure version. The patches address multiple security vulnerabilities in the on-premises DevOps platform, with detailed release notes available for affected versions including database migrations that may impact upgrade processes.

azure-devopsAzure DevOps Blog·14 MayRecent