DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Actions 2026 Security Roadmap Now GA
GitHub's comprehensive security overhaul for CI/CD pipelines is now generally available, featuring dependency locking, native egress firewall, and scoped secrets. The platform-level security model addresses supply chain vulnerabilities and implements secure-by-default policies after the tj-actions attack compromised 23,000 repositories.
GitLab 19.0 Security Configuration Profiles Released
GitLab introduces security configuration profiles in version 19.0, enabling faster scanner rollouts across thousands of projects within minutes. The update includes AI-powered SAST vulnerability resolution reaching GA, with automated merge request generation for critical findings and severity-override policies.
Azure DevOps GitHub Secret Protection Standalone Launch
Microsoft announces GitHub Secret Protection and Code Security as standalone products for Azure DevOps, providing access to secret scanning, push protection, and dependency scanning without full GitHub Advanced Security licensing. This addresses enterprise demand for granular security tooling.
Atlassian Cloud App Security Requirements Updated for 2026
Atlassian publishes updated Cloud App Security Requirements for 2026, introducing new provisions for AI security, data protection, and supply chain security. The requirements take effect March 31, 2026, with new baseline standards for Government Cloud apps and Forge platform AI security.
GitLab Patches Multiple Duo AI Authorization Vulnerabilities
GitLab releases emergency patches for vulnerabilities affecting Duo AI workflows, including CVE-2026-4868 (CVSS 8.2), which allows authenticated users to trigger workflows under another user's identity. Additional fixes address authorization bypasses and DoS vulnerabilities across AI features.
Bitbucket Mitigates Axios Dependency Supply Chain Risk
Atlassian issues guidance for Bitbucket Pipelines users affected by CVE-2025-27152, a critical supply-chain vulnerability in the axios npm package, versions 1.14.1 and 0.30.4. Users must audit pipeline dependencies and rotate potentially exposed secrets from affected builds.
Forge Dynamic Modules Preview Available Cross-Platform
Atlassian releases Forge Dynamic Modules in Preview across Jira, Confluence, and JSM, enabling customer-managed egress and improved entity property filtering for event triggers. This expands Forge's runtime capabilities while maintaining the security-first architecture.
System Health Dashboard GA for All Atlassian Cloud Plans
Atlassian makes the System Health dashboard generally available for all cloud plans, providing org admins with app status monitoring, incident tracking, and email alerts. The centralized observability feature supports DevOps teams managing distributed Atlassian deployments.