Alan Shimel analyzes the 2025 surge in disruptions and security incidents across DevOps platforms such as GitHub and Azure DevOps, summarizing impacts on resilience, uptime, and developer productivity.

Surge in DevOps Platform Incidents: 2025 Mid-Year Analysis

Authored by Alan Shimel, this article examines data from GitProtect.io’s ‘DevOps Threats Unwrapped: Mid-Year Report 2025’, providing a technical assessment of rising incidents affecting critical DevOps tools.

Key Findings from the Mid-Year Report

  • 330 incidents across GitHub, Azure DevOps, GitLab, Bitbucket, and Jira in the first half of 2025.
  • Disruptions and outages significantly impacted developer velocity, CI/CD pipelines, and business continuity.

Azure DevOps: Stability Concerns Deepen

  • 74 incidents recorded (Jan–Jun 2025), more than any other platform analyzed.
    • Pipelines: 31 disruptions (21% of issues)
    • Boards: 28 incidents
    • Test Plans: 28 incidents
    • Repos: 27 incidents
    • Artifacts: 6 incidents
    • Core Services: 16 incidents
  • Notable Event: 159-hour global degradation in January, slowing builds and deployments.
  • Geographic Impact: 34% of incidents in Europe; lower impact in India and Australia.

GitHub: Major Rise in Operational Disruptions

  • 109 incidents (58% increase over H1 2024).
    • 17 major, 78 minor disruptions
    • Over 330 hours of downtime in April
    • Both open source and enterprise repositories affected
  • Reliability issues are impacting commit velocity and CI/CD reliability.

GitLab and Jira: Data Breaches & Ransomware

  • GitLab: 59 incidents (~1346 hours), including a major source code theft at Europcar Mobility Group affecting 200,000 customers.
  • Jira: 66 incidents (24% YoY increase), 2,390+ hours of downtime, and new ransomware attacks targeting major enterprises (HellCat group, credential compromises).
  • Increasing sophistication of ransomware and source code theft across the DevOps stack.
  • Emphasis on moving beyond perimeter security toward self-healing infrastructure, observability, and fast recovery.
  • The convergence of operational resilience and cybersecurity.

Strategic Takeaways

  • Outages and attacks on platforms like Azure DevOps and GitHub present not only operational, but also security and business risks.
  • Organizations must anticipate failures, focus on backup/recovery, and integrate cybersecurity measures into DevOps workflows.
  • CI/CD pipelines are now seen as critical attack surfaces.

Further Reading

This article provides an evidence-driven, down-to-earth look at the operational and cybersecurity realities facing modern DevOps teams in 2025. Data, categories of disruption, and insights will benefit Microsoft consultants and engineering leaders tackling platform reliability and security.

This post appeared first on “DevOps Blog”. Read the entire article here