DevOps Pulse

GitHub shipped comprehensive security overhaul with

native egress firewalls and dependency locking after the tj-actions supply chain attack, while GitLab 19.0 delivered AI-powered SAST vulnerability resolution reaching GA. Anthropic's Claude Mythos demonstrated AI-driven zero-day exploitation capabilities 181x more effective than previous models, validating the critical need for AI-powered backup security convergence. GitProtect positioned as most comprehensive DevOps backup solution with broader GitHub coverage than competitors, directly threatening Veeam's expansion into developer tool backup.

Signals
25
Sections
5/5
Threats
4
Fresh
9
Updated
20d ago
Show

DevOps Platform Updates

scanned 21d ago8

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Actions 2026 Security Roadmap Now GA

GitHub's comprehensive security overhaul for CI/CD pipelines is now generally available, featuring dependency locking, native egress firewall, and scoped secrets. The platform-level security model addresses supply chain vulnerabilities and implements secure-by-default policies after the tj-actions attack compromised 23,000 repositories.

githubDEV Community·7 Apr

GitLab 19.0 Security Configuration Profiles Released

GitLab introduces security configuration profiles in version 19.0, enabling faster scanner rollouts across thousands of projects within minutes. The update includes AI-powered SAST vulnerability resolution reaching GA, with automated merge request generation for critical findings and severity-override policies.

gitlabGitLab What's New·21 MayRecent

Azure DevOps GitHub Secret Protection Standalone Launch

Microsoft announces GitHub Secret Protection and Code Security as standalone products for Azure DevOps, providing access to secret scanning, push protection, and dependency scanning without full GitHub Advanced Security licensing. This addresses enterprise demand for granular security tooling.

azure-devopsMicrosoft Learn·16 Jun

Atlassian Cloud App Security Requirements Updated for 2026

Atlassian publishes updated Cloud App Security Requirements for 2026, introducing new provisions for AI security, data protection, and supply chain security. The requirements take effect March 31, 2026, with new baseline standards for Government Cloud apps and Forge platform AI security.

jiraAtlassian Developer Changelog·28d agoNEW

GitLab Patches Multiple Duo AI Authorization Vulnerabilities

GitLab releases emergency patches for vulnerabilities affecting Duo AI workflows, including CVE-2026-4868 (CVSS 8.2) allowing authenticated users to trigger workflows under another user's identity. Additional fixes address authorization bypasses and DoS vulnerabilities across AI features.

gitlabGBHackers·27 May

Bitbucket Mitigates Axios Dependency Supply Chain Risk

Atlassian issues guidance for Bitbucket Pipelines users affected by CVE-2025-27152, a critical supply-chain vulnerability in axios npm package versions 1.14.1 and 0.30.4. Users must audit pipeline dependencies and rotate potentially exposed secrets from affected builds.

bitbucketAtlassian Community·7 Apr

Forge Dynamic Modules Preview Available Cross-Platform

Atlassian releases Forge Dynamic Modules in Preview across Jira, Confluence, and JSM, enabling customer-managed egress and improved entity property filtering for event triggers. This expands Forge's runtime capabilities while maintaining the security-first architecture.

confluenceAtlassian Developer Changelog·28 May

System Health Dashboard GA for All Atlassian Cloud Plans

Atlassian makes System Health dashboard generally available for all cloud plans, providing org admins with app status monitoring, incident tracking, and email alerts. The centralized observability feature supports DevOps teams managing distributed Atlassian deployments.

confluenceAtlassian Cloud Blog·1 JunNEW