DevOps Platform Updates
scanned 16d ago8Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Copilot Transitions to Usage-Based Billing
GitHub moved all Copilot plans to usage-based billing on June 1, 2026, replacing flat monthly fees with AI Credits consumption model. Users now pay based on token usage across models, with Pro plans including $10/month in credits and Pro+ including $39/month. This affects enterprise budget planning as agentic workflows can consume $30-40 per session.
Microsoft Announces Azure DevOps and GitHub AI Strategy
Microsoft outlined its agentic AI roadmap for Azure DevOps and GitHub on June 2, 2026. The company is delivering new AI capabilities on GitHub across planning, coding, code review, and security while continuing Azure DevOps investments focused on security and code quality workflows.
GitLab 18.11 Expands Agentic AI Across DevSecOps Lifecycle
GitLab released version 18.11 expanding agentic AI with automated security remediation, pipeline configuration, and delivery analytics. The Duo Agent Platform now offers subscription-level spending caps and enterprise-wide AI cost controls. Security Analyst Agent and automated CI/CD failure diagnosis are included.
Critical GitHub RCE Vulnerability (CVE-2026-3854) Patched
GitHub patched a critical remote code execution vulnerability (CVE-2026-3854, CVSS 8.7) affecting GitHub.com and Enterprise Server. The command injection flaw allowed authenticated users with push access to achieve RCE through unsanitized push option values in git operations.
Atlassian Security Bulletin Reports 38 Vulnerabilities Fixed
Atlassian's April 2026 security bulletin disclosed 31 high-severity and 7 critical-severity third-party vulnerabilities fixed across Jira and Confluence products. The bulletin emphasizes patching to latest versions and includes ongoing legacy CVE tracking for Data Center and Server instances.
Azure DevOps Strengthens OAuth Security with Overlapping Secrets
Azure DevOps introduced overlapping secrets for OAuth clients to enhance security and streamline secret rotations. The feature allows adding new secrets while previous ones remain active, ensuring continuous application operation. Azure DevOps OAuth is scheduled for deprecation in 2026.
Confluence 9.2.19 Addresses High-Priority Security Vulnerability
Atlassian released Confluence 9.2.19 as a bug-fix release addressing a high-priority security vulnerability alongside fixes for permissions checks, memory usage, and PDF export functionality. The release maintains focus on Data Center security improvements.
Azure Build 2026 Introduces AI Gateway and Security Features
Azure Build 2026 announced new API Management capabilities including Unified Model API, Agent-to-Agent API support, and content safety controls. The updates focus on multi-model AI scenarios and cross-tenant customer-managed keys for enhanced security across DevOps workflows.