DevOps Pulse

Critical GitHub RCE vulnerability (CVE-2026-3854, CVSS 8.7) allows authenticated users with push access to achieve remote code execution through unsanitized git operations. GitHub's new usage-based billing for Copilot creates budget uncertainty as agentic workflows consume $30-40 per session. Trivy security scanner was compromised in a supply chain attack harvesting AWS, GCP, Azure, SSH, and Kubernetes credentials from millions of CI/CD pipelines. Veeam launched DataAI Command Platform with Agent Commander capabilities, directly challenging competitors through AI governance and security convergence.

Signals: 34 · Sections: 5/5 · Threats: 7 · Fresh: 14 · Updated: 15d ago

DevOps Platform Updates

scanned 16d ago · 8

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Copilot Transitions to Usage-Based Billing

GitHub moved all Copilot plans to usage-based billing on June 1, 2026, replacing flat monthly fees with an AI Credits consumption model. Users now pay based on token usage across models, with Pro plans including $10/month in credits and Pro+ including $39/month. This affects enterprise budget planning, as agentic workflows can consume $30-40 per session.

github · GitHub Blog · 27 Apr

Microsoft Announces Azure DevOps and GitHub AI Strategy

Microsoft outlined its agentic AI roadmap for Azure DevOps and GitHub on June 2, 2026. The company is delivering new AI capabilities on GitHub across planning, coding, code review, and security while continuing Azure DevOps investments focused on security and code quality workflows.

azure-devops · Azure DevOps Blog · 29d ago · Recent

GitLab 18.11 Expands Agentic AI Across DevSecOps Lifecycle

GitLab released version 18.11 expanding agentic AI with automated security remediation, pipeline configuration, and delivery analytics. The Duo Agent Platform now offers subscription-level spending caps and enterprise-wide AI cost controls. Security Analyst Agent and automated CI/CD failure diagnosis are included.

gitlab · Business Wire · 16 Apr

Critical GitHub RCE Vulnerability (CVE-2026-3854) Patched

GitHub patched a critical remote code execution vulnerability (CVE-2026-3854, CVSS 8.7) affecting GitHub.com and Enterprise Server. The command injection flaw allowed authenticated users with push access to achieve RCE through unsanitized push option values in git operations.

github · The Hacker News · 28 Jan

Atlassian Security Bulletin Reports 38 Vulnerabilities Fixed

Atlassian's April 2026 security bulletin disclosed 31 high-severity and 7 critical-severity third-party vulnerabilities fixed across Jira and Confluence products. The bulletin emphasizes patching to latest versions and includes ongoing legacy CVE tracking for Data Center and Server instances.

jira · Atlassian Security · 21 Apr

Azure DevOps Strengthens OAuth Security with Overlapping Secrets

Azure DevOps introduced overlapping secrets for OAuth clients to enhance security and streamline secret rotations. The feature allows adding new secrets while previous ones remain active, ensuring continuous application operation. Azure DevOps OAuth is scheduled for deprecation in 2026.

azure-devops · Microsoft DevBlogs · 23d ago · Recent

Confluence 9.2.19 Addresses High-Priority Security Vulnerability

Atlassian released Confluence 9.2.19 as a bug-fix release addressing a high-priority security vulnerability alongside fixes for permissions checks, memory usage, and PDF export functionality. The release maintains focus on Data Center security improvements.

confluence · Releasebot · 1 Jun · Recent

Azure Build 2026 Introduces AI Gateway and Security Features

Azure Build 2026 announced new API Management capabilities including Unified Model API, Agent-to-Agent API support, and content safety controls. The updates focus on multi-model AI scenarios and cross-tenant customer-managed keys for enhanced security across DevOps workflows.

azure-devops · HubSite365 · 25d ago · Recent