DevOps Platform Updates
scanned 24d ago8Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Copilot Sandboxes Now in Public Preview
<cite index="3-1,3-2,3-7">GitHub launched secure, isolated sandboxes for Copilot that run in both local and cloud environments. This addresses enterprise security concerns as AI agents take more autonomous actions in development workflows.</cite> <cite index="3-20">Each session inherits existing cloud agent policies with no additional setup required.</cite>
GitHub Agent Apps Launch from Marketplace Partners
<cite index="4-1,4-3">GitHub released agent apps from partners including Amplitude, Bright Security, LaunchDarkly, and PagerDuty that integrate directly into GitHub workflows.</cite> <cite index="4-8,4-9">Access will expand to allow anyone to build agent apps in coming months, with partners able to join a waitlist.</cite>
GitHub Copilot SDK Generally Available
<cite index="9-1,9-3,9-4">The GitHub Copilot SDK reached general availability, allowing developers to embed Copilot's agentic engine into applications with production-ready support and access to planning, tool invocation, and file editing capabilities.</cite> <cite index="9-5">Since public preview, the SDK has been used to build CI/CD assistants and internal developer tools.</cite>
GitHub Copilot Medium Tier Review Model Released
<cite index="1-2,1-31">GitHub introduced a new Medium tier for Copilot code reviews that routes pull requests to higher-reasoning models for deeper analysis of complex logic, security-sensitive code, and cross-service changes.</cite> <cite index="1-35,1-36">The Medium tier delivers more actionable comments with fewer false positives while consuming more AI Credits.</cite>
Microsoft Azure DevOps Copilot Connectors Go GA
<cite index="8-27,8-28">Federated Copilot connectors became generally available, enabling secure connections to third-party data sources via Model Context Protocol across Microsoft 365 Chat, Researcher, and Excel Agent Mode.</cite> <cite index="8-29">Admins can manage Microsoft-published connectors from the Admin Center.</cite>
AI Security Vulnerabilities Surge in DevOps Platforms
<cite index="39-9,39-10,39-11">Security report identified 68 AI-related incidents across popular DevOps platforms in 2025, with threats including malicious prompt injections, remote code execution, and credential leaks as AI expands attack surfaces.</cite> <cite index="41-40,41-42">Microsoft's Azure DevOps MCP package disclosed CVE-2026-32211 (CVSS 9.1) for missing authentication on April 3, 2026.</cite>
GitLab 19.0 Enhances AI and Security Management
<cite index="12-11,12-19">GitLab released support for additional open source models including Devstral 2 123B and GLM-5.1-FP8 for self-hosted deployments, enabling AI workflows in air-gapped environments.</cite> <cite index="12-14,12-15">New features include transitive dependency detection with real-world exposure prioritization and security configuration profiles for faster scanner rollouts.</cite>
Atlassian May 2026 Security Bulletin: 42 Vulnerabilities
<cite index="35-3,35-7">Atlassian released security patches for 39 high-severity and 3 critical third-party vulnerabilities across Jira, Confluence, and other products.</cite> <cite index="32-5">The April bulletin addressed 31 high-severity and 7 critical third-party vulnerabilities, continuing the trend of significant security updates.</cite>