DevOps Pulse

GitLab patched critical account takeover vulnerabilities affecting SAML identity APIs with CVSS scores up to 9.5

requiring immediate administrator upgrades to prevent security breaches. GitProtect launched first-to-market GitHub Enterprise Cloud Data Residency backup support, directly challenging Veeam's enterprise DevOps positioning in regulated industries. Supply chain attacks escalated with TeamPCP compromising Trivy, Checkmarx, and LiteLLM tools to steal CI/CD credentials, while 87% of organizations now run services with exploitable vulnerabilities. Microsoft's Agent 365 Security Framework reaches GA, providing enterprise AI governance controls that align with the accelerating platform consolidation trend driven by AI security imperatives.

Signals
30
Sections
5/5
Threats
7
Fresh
13
Updated
18d ago
Show

DevOps Platform Updates

scanned 18d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitLab Patches Critical Account Takeover Vulnerabilities

GitLab released security updates on June 10, 2026, patching 12 vulnerabilities including high-severity flaws enabling account takeover through SAML identity API (CVE-2026-6552) and stored XSS in Analytics Dashboard (CVE-2026-10087). Administrators are urged to upgrade to GitLab 19.0.2, 18.11.5, or 18.10.8 immediately.

gitlabCyberPress·20d agoNEW

GitHub Adds AI-Powered Security Review Command to Copilot CLI

GitHub introduces experimental /security-review command to Copilot CLI, enabling AI-driven security reviews directly in terminal. The feature scans local code changes for high-impact vulnerabilities including injection flaws and weak cryptography, offering actionable fixes before production deployment.

githubReleasebot·20d agoNEW

Microsoft Build 2026: Agent 365 Security Framework Goes GA

Microsoft announced general availability of Agent 365 SDK at Build 2026, providing security controls for enterprise AI agents. Features include observability, access controls, compliance enforcement, and Windows 365 for Agents execution environment. Integrates with Defender, Intune, and Purview for comprehensive agent governance.

azure-devopsMicrosoft Security Blog·23d agoRecent

GitHub Extends Security Validation to Third-Party AI Agents

GitHub brings automatic security validation to third-party coding agents including Claude and OpenAI Codex. The update extends CodeQL, advisory database, and secret scanning protections to AI-generated code in repositories, ensuring consistent security checks across all AI coding workflows.

githubReleasebot·20d agoNEW

Microsoft Defender for Cloud GitHub Integration Now GA

Microsoft Defender for Cloud integration with GitHub Advanced Security reaches general availability, providing unified security visibility across development lifecycle. The integration maps code changes to production environments and prioritizes alerts based on runtime context.

azure-devopsMicrosoft Learn·26d ago

GitLab Adds Self-Hosted AI Models for Air-Gapped Environments

GitLab Duo Agent Platform now supports additional open source models including Devstral 2 123B and GLM-5.1-FP8 for self-hosted deployments. This enables agentic workflows in offline and network-restricted environments without sending data externally, addressing enterprise security requirements.

gitlabGitLab Releases·21d ago

DevOps Backup Strategy Becomes Critical as Cloud Outages Rise

Configuration errors and automation flaws caused most DevOps cloud outages in 2025, highlighting single points of failure. Security experts recommend multi-cloud strategies and dedicated DevOps backup solutions following 3-2-1 backup rule with immutable storage to ensure data sovereignty.

githubHelp Net Security·20 May