DevOps Pulse

Microsoft unveiled GitHub Copilot standalone app and Agent-First platform at Build 2026

cementing AI's dominance in DevOps workflows as 87% of organizations now run exploitable vulnerabilities in production services. TeamPCP breached GitHub's internal repositories through a malicious VS Code extension, stealing 3,800 repos now for sale at $50,000, highlighting developer environment security gaps. Rubrik launched SAGE AI Governance Engine to challenge Veeam's Data Command Center with unified backup+AI+security convergence.

Signals
32
Sections
5/5
Threats
8
Fresh
9
Updated
24d ago
Show

DevOps Platform Updates

scanned 24d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Copilot App and Microsoft Agent-First Platform Launch

Microsoft Build 2026 unveiled GitHub Copilot standalone app, Project Solara security framework, and Agent-First platform with Surface RTX Spark Dev Box. The GitHub Copilot app provides an agent-native desktop experience for tracking sessions, issues, PRs, and background automation. Project Solara offers zero-trust security for autonomous agents, positioning Microsoft to control the AI development lifecycle.

githubDEV Community·27d agoRecent

Microsoft Defender for GitHub Code Security Integration GA

Microsoft announced general availability of Defender integration with GitHub Code Security at Build 2026. The integration enriches code vulnerabilities with runtime context from production, including internet exposure and data sensitivity. Developers can remediate issues using AI-assisted fixes through GitHub Copilot Autofix.

githubWindows Forum·29d agoRecent

87% of Organizations Running Exploitable Vulnerabilities - Datadog Report

Datadog's State of DevSecOps 2026 report reveals 87% of organizations have at least one exploitable vulnerability in deployed services, affecting 40% of all services. Java services lead at 59% vulnerability rates. 50% of organizations adopt new library versions within 24 hours of release, increasing supply chain risk. Only 18% of 'critical' CVEs remain critical with runtime context applied.

githubDatadog Press Release·26 Feb

GitHub Security Lab Taskflow Agent for Vulnerability Triage

GitHub announced the Security Lab Taskflow Agent, an AI-powered framework for security research that effectively finds auth bypasses, IDORs, token leaks, and other high-impact vulnerabilities. The agent can triage categories of vulnerabilities in GitHub Actions and JavaScript projects using collaborative AI approaches.

githubGitHub Blog·1 Jun

GitLab 19.0 Released with Secrets Manager and Pipeline Visibility

GitLab 19.0 introduces CI/CD Secrets Manager for credential management and enhanced pipeline component visibility across organizations. New features include tracking of outdated component versions, air-gapped model support for Duo Agent Platform including Devstral 2 123B and GLM-5.1-FP8, and improved security configuration profiles.

gitlabGitLab Releases·21 May

Bitbucket Cloud Deprecating App Passwords for API Tokens

Atlassian announced Bitbucket Cloud will fully deprecate app passwords on July 28, 2026, transitioning to API tokens for enhanced security. Controlled brownouts start June 9, 2026, with API requests using app passwords failing during brownout windows. API tokens offer improved security, expiration controls, and centralized management.

bitbucketAtlassian Developer Changelog·30 May

Multiple AI Security Vulnerabilities Patched Across Platforms

Critical vulnerabilities discovered in AI agent platforms including PraisonAI (CVE-2026-44336), SGLang (CVE-2026-7304), and Mamba model framework (CVE-2026-31239). These vulnerabilities expose AI model supply chain risks including unsafe deserialization, path traversal, and arbitrary code execution. Organizations using AI agents must prioritize sandboxing and artifact validation.

githubAI Security Newsletter·1 Jun