DevOps Platform Updates
scanned 18d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitLab Patches Critical Account Takeover Vulnerabilities
GitLab released security updates on June 10, 2026, patching 12 vulnerabilities including high-severity flaws enabling account takeover through SAML identity API (CVE-2026-6552) and stored XSS in Analytics Dashboard (CVE-2026-10087). Administrators are urged to upgrade to GitLab 19.0.2, 18.11.5, or 18.10.8 immediately.
GitHub Adds AI-Powered Security Review Command to Copilot CLI
GitHub introduces experimental /security-review command to Copilot CLI, enabling AI-driven security reviews directly in terminal. The feature scans local code changes for high-impact vulnerabilities including injection flaws and weak cryptography, offering actionable fixes before production deployment.
Microsoft Build 2026: Agent 365 Security Framework Goes GA
Microsoft announced general availability of Agent 365 SDK at Build 2026, providing security controls for enterprise AI agents. Features include observability, access controls, compliance enforcement, and Windows 365 for Agents execution environment. Integrates with Defender, Intune, and Purview for comprehensive agent governance.
GitHub Extends Security Validation to Third-Party AI Agents
GitHub brings automatic security validation to third-party coding agents including Claude and OpenAI Codex. The update extends CodeQL, advisory database, and secret scanning protections to AI-generated code in repositories, ensuring consistent security checks across all AI coding workflows.
Microsoft Defender for Cloud GitHub Integration Now GA
Microsoft Defender for Cloud integration with GitHub Advanced Security reaches general availability, providing unified security visibility across development lifecycle. The integration maps code changes to production environments and prioritizes alerts based on runtime context.
GitLab Adds Self-Hosted AI Models for Air-Gapped Environments
GitLab Duo Agent Platform now supports additional open source models including Devstral 2 123B and GLM-5.1-FP8 for self-hosted deployments. This enables agentic workflows in offline and network-restricted environments without sending data externally, addressing enterprise security requirements.
DevOps Backup Strategy Becomes Critical as Cloud Outages Rise
Configuration errors and automation flaws caused most DevOps cloud outages in 2025, highlighting single points of failure. Security experts recommend multi-cloud strategies and dedicated DevOps backup solutions following 3-2-1 backup rule with immutable storage to ensure data sovereignty.