DevOps Pulse

GitHub's npm v12 security defaults will block dependency scripts and Git dependencies unless explicitly approved

This forces CI/CD pipeline reviews across enterprises. Microsoft MDASH now routes GitHub Code Security vulnerabilities directly into Defender Portal with production risk signals, creating a security+backup convergence play. GitProtect demonstrates the most comprehensive DevOps platform coverage, including Actions workflows and LFS objects that competitors skip, while Cohesity's DSPM powered by Cyera directly challenges Veeam's unified platform vision. Source code backup becomes legally mandatory under DORA, NIS2, and CPS 230 as cyber insurance policies require 3-2-1-1 strategies with immutable components.

Signals: 33 · Sections: 5/5 · Threats: 8 · Fresh: 11 · Updated: 16d ago

DevOps Platform Updates

scanned 16d ago · 7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub npm v12 Security Defaults Block Supply Chain Attacks

GitHub announced npm v12 will introduce security-focused changes that block dependency scripts, Git dependencies, and remote URLs unless explicitly approved. Code execution and non-registry dependencies that currently trigger automatically during npm install will require explicit approval instead of being trusted by default. This directly impacts DevOps pipeline security as teams will need to review and approve dependencies that previously installed automatically during CI/CD builds.

github · BleepingComputer · 21d ago · NEW

Microsoft MDASH Integrates with Defender and GitHub Code Security

Microsoft announced at Build 2026 that MDASH (multi-model agentic scanning) now integrates with Microsoft Defender and GitHub Code Security, routing vulnerability findings directly into the Defender Portal with production risk signals. The integration enriches vulnerabilities with real production signals such as internet exposure and data sensitivity to inform prioritization. This represents a significant convergence of code security and runtime protection, directly competing with dedicated DevOps data protection platforms.

github · Windows Forum · 29d ago · Recent

GitLab 18.11 Launches Agentic AI Security Remediation

GitLab released 18.11 with Agentic SAST Vulnerability Resolution now generally available, automatically generating ready-to-merge code fixes. New subscription-level and per-user spending caps for GitLab Credits give organizations control over on-demand AI spend, enabling enterprise-wide rollout with predictable cost controls. The update directly targets DevOps security automation and positions GitLab as an AI-driven security platform competing with traditional security scanning tools.

gitlab · GitLab Investor Relations · 16 Apr

GitLab Transcend Previews Next-Gen Source Code Management for AI Agents

GitLab announced at Transcend 2026 a Next Generation Source Code Management implementation claimed to enable agents to complete tasks up to 50 times faster, plus GitLab Orbit context graph delivering 11x faster responses while using 4.5x fewer tokens. An AI Governance framework in private beta assigns identity, policy paths, and audit records to each agent action. This positions GitLab as a platform built specifically for AI-driven development workflows.

gitlab · Let's Data Science · 21d ago · NEW

Microsoft June 2026 Patch Tuesday Addresses 200 Vulnerabilities

Microsoft released June 2026 Patch Tuesday addressing 200 vulnerabilities including 3 publicly disclosed zero-day vulnerabilities, 33 critical-severity flaws with 28 remote code execution vulnerabilities. The release arrives with only 17 days remaining until the Secure Boot certificate expiration deadline on June 26, 2026, creating emergency deployment conditions. This impacts Azure DevOps environments and requires immediate attention for enterprise DevOps infrastructure.

azure-devops · Zecurit · 22d ago · NEW

Bitbucket Cloud SSH Access Migrates to ssh.bitbucket.org

Bitbucket Cloud is separating SSH and HTTPS traffic, requiring all SSH-based Git operations to use the new hostname ssh.bitbucket.org by November 12, 2026. Bitbucket will release a new runner version on June 3, 2026 with system updates, patches, and security fixes for both free and premium runners. This change affects DevOps teams using Git over SSH and requires infrastructure updates to maintain pipeline functionality.

bitbucket · Atlassian Community · 28d ago

Bitbucket Cloud Transitions to API Tokens from App Passwords

Atlassian announced the deprecation of app passwords in Bitbucket Cloud, transitioning to API tokens for more secure authentication with a 12-month transition period ending June 9, 2026. Organizations must migrate to API tokens before July 28, 2026 as they offer improved security, expiration controls, and centralized management. This authentication change impacts all automated DevOps integrations and backup tools connecting to Bitbucket repositories.

bitbucket · Atlassian Blog · 21d ago · NEW