DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Secret Scanning Expands with AI Detection and 37 New Detectors
GitHub shipped 28 new secret detectors across 15 providers and expanded push protection to 39 token types, with AI password detection capabilities. Secret scanning now works inside AI coding agents via the GitHub MCP Server, enabling detection before code enters repositories. This addresses the rising credential leak risks from AI-generated code, with enhanced validity checks for faster remediation prioritization.
GitLab 18.11 Delivers Agentic AI for Security Remediation and Pipeline Setup
Agentic SAST Vulnerability Resolution reached General Availability for GitLab Ultimate customers using GitLab Duo Agent Platform. New CI Expert Agent inspects repositories and proposes build-and-test pipelines in natural language, while Data Analyst Agent answers lifecycle questions with visual analytics. The platform now includes subscription-level spending caps for enterprise AI cost control.
Atlassian March Security Bulletin: Critical OS Command Injection Vulnerability
CVE-2025-64756 is a high-severity OS Command Injection vulnerability affecting Confluence Data Center and Server that allows authenticated attackers to execute arbitrary commands. Atlassian-hosted products are not affected by these vulnerabilities. The security bulletin affects multiple self-hosted Atlassian products including Jira and requires immediate patching.
Azure DevOps Strengthens Token Governance with PAT Creation Restrictions
Azure DevOps introduced organization-level policy to restrict personal access token (PAT) creation in public preview, allowing administrators to control who can create or regenerate PATs. GitHub Secret Protection and Code Security are now available as standalone products, providing access to secret scanning, push protection, and security overview experiences. Enhanced governance reduces token sprawl and improves security posture.
DevOps Platform Incidents Surge: 502 Incidents and 955 Hours of Disruption
Azure DevOps topped incident lists with 74 recorded disruptions from January through June, with Pipelines experiencing 31 individual service disruptions. GitHub logged 109 incidents in H1 2025, a 58% increase from H1 2024's 69 incidents. The surge highlights evolving risk profiles as CI/CD pipelines become attack surfaces requiring enhanced backup and recovery strategies.