DevOps Pulse

GitHub's security breach affecting 3,800 internal repositories via a malicious VS Code extension demonstrates how AI coding tools have become primary attack vectors, with 45% of AI-generated code now introducing known vulnerabilities. Rubrik launched Agent Cloud to monitor and remediate agentic AI actions, directly competing with Veeam's DataAI Command Platform strategy. GitProtect positions itself as the only vendor offering comprehensive DevOps disaster recovery with cross-platform restore capabilities, threatening Veeam's expansion plans. European DORA and NIS2 regulations are driving real-time compliance requirements, creating immediate demand for DevOps data protection solutions.


DevOps Platform Updates


Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Major Security Breach via VS Code Extension

GitHub confirmed that a malicious VS Code extension allowed attackers to exfiltrate approximately 3,800 internal repositories. The TeamPCP threat group exploited the extension's permissions to steal source code, tokens, and credentials. This represents one of 2026's most significant DevOps platform security incidents.

github · Axipro Security Report · 20 May

GitHub Security Lab Launches AI-Powered Taskflow Agent

GitHub announced the release of GitHub Security Lab Taskflow Agent, an open-source AI framework for security research. The agent is effective at finding authentication bypasses, token leaks, and high-impact vulnerabilities in Actions and JavaScript projects, marking a significant advancement in AI-assisted vulnerability discovery.

github · GitHub Blog · 25 May

GitLab Releases Emergency Security Patches for XSS and DoS

GitLab patched high-severity vulnerabilities including CVE-2026-7481 (XSS in analytics dashboards) and multiple unauthenticated DoS flaws affecting CI/CD pipelines. Versions 18.11.3, 18.10.6, and 18.9.7 address these critical issues that could enable session hijacking and pipeline disruption.

gitlab · Cybersecurity News · 13 May

GitLab Duo AI Enhances False Positive Detection

GitLab introduced AI-powered false positive detection for SAST security scans. When a SAST scan runs, GitLab Duo automatically analyzes vulnerabilities to determine the likelihood of false positives, providing confidence scores and contextual reasoning to reduce security noise for development teams.

gitlab · GitLab Release Notes · 20 May

Azure DevOps Server Reaches General Availability

Microsoft announced Azure DevOps Server GA after transitioning from the Release Candidate phase. The on-premises solution now operates under the Modern Lifecycle Policy and includes critical security patches for group membership issues. Self-hosted organizations can now deploy production-ready DevOps infrastructure.

azure-devops · Microsoft DevBlogs · 13 Mar

Atlassian Security Bulletin: 39 High-Severity Vulnerabilities

Atlassian's May 19 security bulletin addresses 39 high-severity vulnerabilities and 3 critical third-party vulnerabilities across Jira, Confluence, and Bitbucket Data Center. Organizations must upgrade to the latest versions to mitigate risks from authentication bypasses and data exposure flaws.

jira · Atlassian Security Bulletin · 19 May

Atlassian Extends Data Export Rules to Block File Downloads

Atlassian expanded data security policies to block downloading of files attached to Confluence and Jira when data export rules are active. The change affects organizations using Atlassian Guard Standard and aims to prevent both data exports and attachment downloads under unified policy controls.

confluence · Atlassian Cloud Updates · 15 May