DevOps Platform Updates
scanned 24d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Copilot App and Microsoft Agent-First Platform Launch
Microsoft Build 2026 unveiled GitHub Copilot standalone app, Project Solara security framework, and Agent-First platform with Surface RTX Spark Dev Box. The GitHub Copilot app provides an agent-native desktop experience for tracking sessions, issues, PRs, and background automation. Project Solara offers zero-trust security for autonomous agents, positioning Microsoft to control the AI development lifecycle.
Microsoft Defender for GitHub Code Security Integration GA
Microsoft announced general availability of Defender integration with GitHub Code Security at Build 2026. The integration enriches code vulnerabilities with runtime context from production, including internet exposure and data sensitivity. Developers can remediate issues using AI-assisted fixes through GitHub Copilot Autofix.
87% of Organizations Running Exploitable Vulnerabilities - Datadog Report
Datadog's State of DevSecOps 2026 report reveals 87% of organizations have at least one exploitable vulnerability in deployed services, affecting 40% of all services. Java services lead at 59% vulnerability rates. 50% of organizations adopt new library versions within 24 hours of release, increasing supply chain risk. Only 18% of 'critical' CVEs remain critical with runtime context applied.
GitHub Security Lab Taskflow Agent for Vulnerability Triage
GitHub announced the Security Lab Taskflow Agent, an AI-powered framework for security research that effectively finds auth bypasses, IDORs, token leaks, and other high-impact vulnerabilities. The agent can triage categories of vulnerabilities in GitHub Actions and JavaScript projects using collaborative AI approaches.
GitLab 19.0 Released with Secrets Manager and Pipeline Visibility
GitLab 19.0 introduces CI/CD Secrets Manager for credential management and enhanced pipeline component visibility across organizations. New features include tracking of outdated component versions, air-gapped model support for Duo Agent Platform including Devstral 2 123B and GLM-5.1-FP8, and improved security configuration profiles.
Bitbucket Cloud Deprecating App Passwords for API Tokens
Atlassian announced Bitbucket Cloud will fully deprecate app passwords on July 28, 2026, transitioning to API tokens for enhanced security. Controlled brownouts start June 9, 2026, with API requests using app passwords failing during brownout windows. API tokens offer improved security, expiration controls, and centralized management.
Multiple AI Security Vulnerabilities Patched Across Platforms
Critical vulnerabilities discovered in AI agent platforms including PraisonAI (CVE-2026-44336), SGLang (CVE-2026-7304), and Mamba model framework (CVE-2026-31239). These vulnerabilities expose AI model supply chain risks including unsafe deserialization, path traversal, and arbitrary code execution. Organizations using AI agents must prioritize sandboxing and artifact validation.