DevOps Pulse

GitHub expanded secret scanning with 37 new AI-enabled

detectors while GitLab 18.11 shipped agentic AI for security remediation, as DevOps platform incidents surged 69% to 502 total outages in 2025. GitProtect strengthened its DevOps backup market lead with comprehensive GitHub Actions and cross-platform migration support, directly challenging Veeam's developer data strategy. EU regulators now actively enforce DORA and NIS2 with first penalties issued in Q1 2026, creating immediate compliance demand as AI coding agents introduce 2.74x more vulnerabilities than human-written code.

Signals
32
Sections
5/5
Threats
8
Fresh
6
Updated
21d ago
Show

DevOps Platform Updates

scanned 21d ago5

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Secret Scanning Expands with AI Detection and 37 New Detectors

<cite index="1-1,4-13">GitHub shipped 28 new secret detectors across 15 providers and expanded push protection to 39 token types, with AI password detection capabilities.</cite> <cite index="4-18">Secret scanning now works inside AI coding agents via the GitHub MCP Server, enabling detection before code enters repositories.</cite> This addresses the rising credential leak risks from AI-generated code, with enhanced validity checks for faster remediation prioritization.

githubDevOps.com·1 AprRecent

GitLab 18.11 Delivers Agentic AI for Security Remediation and Pipeline Setup

<cite index="12-3,12-16">Agentic SAST Vulnerability Resolution reached General Availability for GitLab Ultimate customers using GitLab Duo Agent Platform.</cite> <cite index="12-22,12-23">New CI Expert Agent inspects repositories and proposes build-and-test pipelines in natural language, while Data Analyst Agent answers lifecycle questions with visual analytics.</cite> The platform now includes subscription-level spending caps for enterprise AI cost control.

gitlabBusiness Wire·16 Apr

Atlassian March Security Bulletin: Critical OS Command Injection Vulnerability

<cite index="21-2,21-7">CVE-2025-64756 is a high-severity OS Command Injection vulnerability affecting Confluence Data Center and Server that allows authenticated attackers to execute arbitrary commands.</cite> <cite index="21-4">Atlassian-hosted products are not affected by these vulnerabilities.</cite> The security bulletin affects multiple self-hosted Atlassian products including Jira and requires immediate patching.

confluenceUC Berkeley Information Security Office·18 Mar

Azure DevOps Strengthens Token Governance with PAT Creation Restrictions

<cite index="6-22,6-23">Azure DevOps introduced organization-level policy to restrict personal access token (PAT) creation in public preview, allowing administrators to control who can create or regenerate PATs.</cite> <cite index="6-11,6-12">GitHub Secret Protection and Code Security are now available as standalone products, providing access to secret scanning, push protection, and security overview experiences.</cite> Enhanced governance reduces token sprawl and improves security posture.

azure-devopsMicrosoft Learn·16 Jun

DevOps Platform Incidents Surge: 502 Incidents and 955 Hours of Disruption

<cite index="43-12,43-13">Azure DevOps topped incident lists with 74 recorded disruptions from January through June, with Pipelines experiencing 31 individual service disruptions.</cite> <cite index="43-18">GitHub logged 109 incidents in H1 2025, a 58% increase from H1 2024's 69 incidents.</cite> The surge highlights evolving risk profiles as CI/CD pipelines become attack surfaces requiring enhanced backup and recovery strategies.

azure-devopsDevOps.com·29 Aug