- \n
- Azure DevOps recorded a total of 74 incidents<\/strong>, including one of the longest-lasting performance degradations<\/strong> that spanned 159 hours<\/strong>.<\/li>\n\n\n\n
- European users were particularly affected, accounting for 34% <\/strong>of all incidents on Azure DevOps.<\/li>\n\n\n\n
- GitHub saw a 58% year-over-year increase<\/strong> in the number of incidents, reaching 109 reported cases<\/strong>:\n
- \n
- 17 of them were classified as major, leading to over 100 hours of total disruption<\/strong>.<\/li>\n\n\n\n
- April stood out as the most turbulent month, with incidents accumulating to 330 hours and 6 minutes<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
- \n
- GitLab patched 65 vulnerabilities<\/strong> and faced 59 incidents<\/strong>, resulting in approximately 1,346 hours of service disruption<\/strong>.<\/li>\n\n\n\n
- Bitbucket experienced 22 incidents<\/strong> of varying impact, which together lasted more than 168 hours<\/strong>.<\/li>\n\n\n\n
- Jira reported over 2,390 hours of cumulative downtime<\/strong> across its ecosystem \u2013 that\u2019s nearly 100 full days<\/strong> of service disruption.<\/li>\n\n\n\n
- A total of 330 incidents<\/strong> impacted DevOps platforms in the first half of 2025.<\/li>\n<\/ul>\n\n\n\n
If your DevOps pipeline is the heart of your organization\u2019s innovation, consider these your warning signs. <\/p>\n\n\n\n\n\n
Azure Devops<\/h2>\n\n\n\n
In the first half of the year, Azure DevOps experienced a total of 74 incidents<\/strong>, including 3 advisory cases and 71 incidents of degraded performance. <\/p>\n\n\n\n
Some incidents impacted multiple components at the same time, while others affected only a single component. For instance, one outage could disrupt Pipelines, Boards, Repos, and Test Plans simultaneously. In our methodology, such an event is counted as one incident overall, even if it influenced several services. Within this total, the components were affected the following number of times:<\/p>\n\n\n\n
- \n
- Pipelines: affected 31 times (21%) \u2013 the most unstable component<\/li>\n\n\n\n
- Boards: affected 28 times (19%)<\/li>\n\n\n\n
- Test Plans: affected 28 times (19%)<\/li>\n\n\n\n
- Repos: affected 27 times (18%)<\/li>\n\n\n\n
- Core Services: affected 16 times (11%)<\/li>\n\n\n\n
- Other services: affected 15 times (10%)<\/li>\n\n\n\n
- Artifacts: affected 6 times (4%)<\/li>\n<\/ul>\n\n\n\n
![\"Mid-year](\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/01_Azure-1000x900-1-768x691-1.png\")
<\/figure><\/div>\n\n\nIn January 2025, Azure DevOps users worldwide faced one of the longest-lasting performance<\/a> degradations on record\u2014 a 159-hour disruption<\/strong> that severely impacted pipeline functionality. For almost a week, users trying to create Managed DevOps Pools within new subscriptions without existing pools experienced persistent failures. These attempts repeatedly timed out with the provisioning error: \u201cThe resource write operation failed to complete successfully, because it reached terminal provisioning state \u2018Canceled\u2019.\u201d<\/em> The issue led to delays in builds, deployments, and onboarding processes across affected environments, highlighting the operational risks tied to large-scale platform dependencies.<\/p>\n\n\n\n
Another serious security challenge for Microsoft Azure DevOps in 2025 was the discovery of multiple critical vulnerabilities<\/a>, including SSRF and CRLF injection flaws within the endpointproxy and Service Hooks components. These vulnerabilities could be exploited to carry out DNS rebinding attacks and allow unauthorized access to internal services. Such attacks present significant risks in cloud environments, including data leakage and potential theft of access tokens. In response, Microsoft released security patches and awarded a $15,000 bug bounty to the researchers who discovered the issues.<\/p>\n\n\n\n
Additionally, it\u2019s worth noting that European customers experienced a higher number of incidents \u2013 <\/strong>27 incidents, representing roughly 34% of all incidents. In contrast, Azure DevOps users in India and Australia reported the fewest incidents of degraded performance, accounting for only 4% of all incidents.<\/p>\n\n\n\n
GitHub<\/h2>\n\n\n\n
GitHub experienced a significant 58% rise<\/strong> in incidents during the first half of 2025, jumping from 69 cases <\/strong>in H1 2024 to 109<\/strong> this year. <\/p>\n\n\n\n
Among this year\u2019s incidents, 17 were classified as major, causing over 100 hours of total disruption. <\/strong>That\u2019s enough time to run over 1,000 CI\/CD pipelines from start to finish or binge-watch the entire Marvel Cinematic Universe. <\/p>\n\n\n\n
Seventy-eight incidents (72%) had a minor impact.<\/p>\n\n\n
\n![\"Mid-year](\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/02_GitHub-1000x900-2-768x691-1.png\")
<\/figure><\/div>\n\n\nMay recorded the highest number of incidents, with 23 reported cases, while April saw the longest cumulative incident duration, totaling 330 hours and 6 minutes.<\/strong><\/p>\n\n\n\n
In the first half of 2025, GitHub Actions emerged as the most affected component, with 17 incidents, including a major disruption in May that lasted 5 hours. The outage, caused by a backend caching misconfiguration, delayed nearly 20% of Ubuntu-24 hosted runner jobs in public repos. This could have slowed down development cycles, impacted release schedules, and reduced productivity for teams relying on GitHub Actions for continuous integration. GitHub resolved the issue by redeploying components and scaling resources, and committed to improving failover resilience going forward. <\/p>\n\n\n\n
Meanwhile, attackers actively exploited GitHub to spread malware. Among the most notable malware campaigns noticed during this time were Amadey, Octalyn Stealer, AsyncRAT, ZeroCrumb, and Neptune RAT. <\/p>\n\n\n\n
GitLab<\/h2>\n\n\n\n
In the first half of 2025, GitLab patched 65 vulnerabilities<\/strong> of varying severity, marking a slight decrease from the 70 vulnerabilities disclosed during the same period in 2024.<\/p>\n\n\n\n
During this time, GitLab also experienced 59 incidents, <\/strong>totaling approximately 1,346 hours of disruption. <\/strong>These included partial service disruptions (20 incidents \u2013 34%) and degraded performance (17 \u2013 29%), followed by operational issues (10 incidents \u2013 17%), full service outages (7 incidents, adding up to over 19 hours of downtime \u2013 12%)<\/strong>, and planned maintenance (5 incidents \u2013 8%).<\/p>\n\n\n\n
The longest service disruption<\/a> lasted for over 4 hours and was caused by issues related to a specific worker and traffic saturation that affected the primary database. This incident led to 503 errors and impacted the availability of GitLab.com services for users.<\/p>\n\n\n
\n![\"Mid-year](\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/03_GitLab-1000x900-1-1.png\")
<\/figure><\/div>\n\n\nOne of the most notable incidents involved a data breach at Europcar Mobility Group data breach<\/a>. The attackers successfully infiltrated GitLab repositories and stole source code for Android and iOS applications, along with personal information of up to 200,000 customers.<\/p>\n\n\n\n
Atlassian<\/h2>\n\n\n\n
Bitbucket<\/h3>\n\n\n\n
In H1, Bitbucket experienced 22 incidents<\/strong> with varying severity, resulting in over 168 hours of downtime.<\/strong> Among these, 2 critical incidents lasted for over 4 hours, impacting key services including Website, API, Git via SSH, Authentication and user management, Webhooks, Source downloads, Pipelines, Git LFS, and more.<\/p>\n\n\n
\n![\"Mid-year](\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/04_Bitbucket-1000x900-1-1.png\")
<\/figure><\/div>\n\n\nJanuary 2025 proved to be one of the most challenging months for Bitbucket, highlighted by a major outage widely reported on DownDetector. For 3 hours and 47 minutes, access to Bitbucket Cloud\u2019s<\/a> website, APIs, and pipelines was completely unavailable, disrupting developer workflows worldwide.<\/p>\n\n\n\n
Jira<\/h3>\n\n\n\n
Atlassian\u2019s Jira ecosystem \u2013 including Jira, Jira Service Management, Jira Work Management, and Jira Product Discovery \u2013 experienced 66 incidents<\/strong> in the first half of 2025, marking a 24%<\/strong> increase compared to H1 2024. Altogether, these disruptions added up to more than 2,390 hours<\/strong>, or nearly 100 full days of downtime.<\/strong><\/p>\n\n\n\n
Much of this downtime resulted from a prolonged maintenance period that began in mid-March and extended through the end of May. As a consequence, users of the Free edition of Jira services, particularly those located in Singapore and Northern California, may have experienced outages lasting up to 120 minutes per customer.<\/p>\n\n\n\n
As mentioned, Jira recorded 66 unique incidents. Some of these incidents impacted multiple products simultaneously. The numbers below reflect total disruptions per product rather than unique events. <\/p>\n\n\n\n
Jira users were the most affected, with 52 disruptions<\/strong> (39% of all Jira-related service impacts). Jira Service Management followed with 46 disruptions (35%), while Jira Work Management experienced 24 (18%). Jira Product Discovery had the fewest, with 11 disruptions (8%).<\/p>\n\n\n
\n![\"Mid-year](\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/05_Jira-Products-1000x900-1-1.png\")
<\/figure><\/div>\n\n\nJira was also at the center of several notable incidents in early 2025. One of the most concerning involved a string of ransomware attacks carried out by the HellCat group. The attackers developed a playbook for infiltrating organizations via Atlassian Jira instances, using stolen credentials to gain access. High-profile victims included Telef\u00f3nica<\/a>, Orange Group<\/a>, Jaguar Land Rover,<\/a> Asseco Poland<\/a>, HighWire Press (USA)<\/a>, Racami (USA)<\/a>, and LeoVegas Group (Sweden)<\/a>.<\/p>\n\n\n\n
Over 300 incidents in the DevOps ecosystem<\/h2>\n\n\n\n
In total, 330 incidents of various severity levels were recorded across the major code hosting and collaboration platforms, ranging from Azure DevOps to Jira.<\/p>\n\n\n\n
Here\u2019s how the incident breakdown looks across platforms:<\/p>\n\n\n\n
- \n
- GitHub \u2013 33% of all incidents<\/li>\n\n\n\n
- Azure DevOps \u2013 22%<\/li>\n\n\n\n
- GitLab \u2013 18%<\/li>\n\n\n\n
- Jira platform tools (Jira, JWM, JSM, JPD) \u2013 20%<\/li>\n\n\n\n
- Bitbucket \u2013 7%<\/li>\n<\/ul>\n\n\n\n
![\"Mid-year](\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/06_ALL-1000x900-1-1.png\")
<\/figure><\/div>\n\n\nWhile not all of them caused full-outages, the scale and distribution of these events reveal a lot about where the ecosystem’s weak points might be. Whether it\u2019s version control, issue tracking, or CI\/CD pipelines \u2013 these interruptions remind us that even the most popular platforms face reliability challenges. And for teams building software at scale, stability can no longer be taken for granted.<\/p>\n\n\n\n
When Dev Platforms Go Down<\/h2>\n\n\n\n
DevOps teams can\u2019t afford to wait passively when their core tools go down. Proactive backup, well-defined contingency plans, and flexible workflows make the difference between delivery and recovery.<\/p>\n\n\n\n
- \n
- Back it up.<\/strong> Use automated backups for code, pipelines, issues, and boards. <\/li>\n\n\n\n
- Work local. <\/strong>Ensure the ability to code with local clones and offline workflows.<\/li>\n\n\n\n
- Mirror critical repos.<\/strong> Redundancy across platforms (e.g., GitHub \u2194 GitLab) keeps projects moving.<\/li>\n\n\n\n
- Review and adapt.<\/strong> After any outage, run a quick post-mortem. Improve what didn\u2019t work.<\/li>\n<\/ul>\n\n\n\n
Methodology note<\/strong>
All data comes from GitProtect’s internal analyses. Percentages may not add up to 100 due to rounding.<\/p>\n","protected":false},"excerpt":{"rendered":"From minor hiccups to full-blown blackouts, the first half of 2025 made it clear that even the most trusted DevOps platforms are not immune to disruption.<\/p>\n","protected":false},"author":8,"featured_media":7255,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-7253","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","post--single"],"yoast_head":"\n
DevOps Threats Unwrapped: Mid-Year Report 2025 - Blog | GitProtect.io<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DevOps Threats Unwrapped: Mid-Year Report 2025 - Blog | GitProtect.io\" \/>\n<meta property=\"og:description\" content=\"From minor hiccups to full-blown blackouts, the first half of 2025 made it clear that even the most trusted DevOps platforms are not immune to disruption.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog | GitProtect.io\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XoperoSoftware\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-19T07:11:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-25T12:46:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Daria Kulikova, Content Writer at GitProtect.io\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@GitProtectio\" \/>\n<meta name=\"twitter:site\" content=\"@GitProtectio\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daria Kulikova, Content Writer at GitProtect.io\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/\"},\"author\":{\"name\":\"Daria Kulikova, Content Writer at GitProtect.io\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/6618fde5a7cf7e327fefa4f0035466d3\"},\"headline\":\"DevOps Threats Unwrapped: Mid-Year Report 2025\",\"datePublished\":\"2025-08-19T07:11:56+00:00\",\"dateModified\":\"2025-09-25T12:46:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/\"},\"wordCount\":1526,\"publisher\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png\",\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/\",\"name\":\"DevOps Threats Unwrapped: Mid-Year Report 2025 - Blog | GitProtect.io\",\"isPartOf\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png\",\"datePublished\":\"2025-08-19T07:11:56+00:00\",\"dateModified\":\"2025-09-25T12:46:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#primaryimage\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png\",\"width\":1200,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\/\/gitprotect.io\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DevOps Threats Unwrapped: Mid-Year Report 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#website\",\"url\":\"https:\/\/gitprotect.io\/blog\/\",\"name\":\"GitProtect.io Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/gitprotect.io\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\",\"name\":\"GitProtect.io\",\"url\":\"https:\/\/gitprotect.io\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png\",\"width\":528,\"height\":528,\"caption\":\"GitProtect.io\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/XoperoSoftware\/\",\"https:\/\/x.com\/GitProtectio\",\"https:\/\/www.linkedin.com\/company\/xopero-software\/\",\"https:\/\/www.youtube.com\/channel\/UCiEnl6n0mIO6w7twccz-l2w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/6618fde5a7cf7e327fefa4f0035466d3\",\"name\":\"Daria Kulikova, Content Writer at GitProtect.io\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2024\/09\/daria-kulikova-content-writer-at-gitprotect.io_avatar-96x96.jpg\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2024\/09\/daria-kulikova-content-writer-at-gitprotect.io_avatar-96x96.jpg\",\"caption\":\"Daria Kulikova, Content Writer at GitProtect.io\"},\"description\":\"Daria is a Content Specialist at GitProtect.io, who has a degree in linguistics and an extensive translation background in different areas, including technology, IT, economics, etc. She loves self-improvement, so when she is offline, it\u2019s easy to find her learning and expanding her knowledge in Cybersecurity, and DevSecOps.\",\"url\":\"https:\/\/gitprotect.io\/blog\/author\/daria-kulikova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DevOps Threats Unwrapped: Mid-Year Report 2025 - Blog | GitProtect.io","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/","og_locale":"en_US","og_type":"article","og_title":"DevOps Threats Unwrapped: Mid-Year Report 2025 - Blog | GitProtect.io","og_description":"From minor hiccups to full-blown blackouts, the first half of 2025 made it clear that even the most trusted DevOps platforms are not immune to disruption.","og_url":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/","og_site_name":"Blog | GitProtect.io","article_publisher":"https:\/\/www.facebook.com\/XoperoSoftware\/","article_published_time":"2025-08-19T07:11:56+00:00","article_modified_time":"2025-09-25T12:46:26+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png","type":"image\/png"}],"author":"Daria Kulikova, Content Writer at GitProtect.io","twitter_card":"summary_large_image","twitter_creator":"@GitProtectio","twitter_site":"@GitProtectio","twitter_misc":{"Written by":"Daria Kulikova, Content Writer at GitProtect.io","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#article","isPartOf":{"@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/"},"author":{"name":"Daria Kulikova, Content Writer at GitProtect.io","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/6618fde5a7cf7e327fefa4f0035466d3"},"headline":"DevOps Threats Unwrapped: Mid-Year Report 2025","datePublished":"2025-08-19T07:11:56+00:00","dateModified":"2025-09-25T12:46:26+00:00","mainEntityOfPage":{"@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/"},"wordCount":1526,"publisher":{"@id":"https:\/\/gitprotect.io\/blog\/#organization"},"image":{"@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png","articleSection":["News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/","url":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/","name":"DevOps Threats Unwrapped: Mid-Year Report 2025 - Blog | GitProtect.io","isPartOf":{"@id":"https:\/\/gitprotect.io\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#primaryimage"},"image":{"@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png","datePublished":"2025-08-19T07:11:56+00:00","dateModified":"2025-09-25T12:46:26+00:00","breadcrumb":{"@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#primaryimage","url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png","contentUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/08\/00_HEADER.png","width":1200,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/gitprotect.io\/blog\/devops-threats-unwrapped-mid-year-report-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/gitprotect.io\/blog\/"},{"@type":"ListItem","position":2,"name":"DevOps Threats Unwrapped: Mid-Year Report 2025"}]},{"@type":"WebSite","@id":"https:\/\/gitprotect.io\/blog\/#website","url":"https:\/\/gitprotect.io\/blog\/","name":"GitProtect.io Blog","description":"","publisher":{"@id":"https:\/\/gitprotect.io\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/gitprotect.io\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/gitprotect.io\/blog\/#organization","name":"GitProtect.io","url":"https:\/\/gitprotect.io\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png","contentUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png","width":528,"height":528,"caption":"GitProtect.io"},"image":{"@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XoperoSoftware\/","https:\/\/x.com\/GitProtectio","https:\/\/www.linkedin.com\/company\/xopero-software\/","https:\/\/www.youtube.com\/channel\/UCiEnl6n0mIO6w7twccz-l2w"]},{"@type":"Person","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/6618fde5a7cf7e327fefa4f0035466d3","name":"Daria Kulikova, Content Writer at GitProtect.io","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/image\/","url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2024\/09\/daria-kulikova-content-writer-at-gitprotect.io_avatar-96x96.jpg","contentUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2024\/09\/daria-kulikova-content-writer-at-gitprotect.io_avatar-96x96.jpg","caption":"Daria Kulikova, Content Writer at GitProtect.io"},"description":"Daria is a Content Specialist at GitProtect.io, who has a degree in linguistics and an extensive translation background in different areas, including technology, IT, economics, etc. She loves self-improvement, so when she is offline, it\u2019s easy to find her learning and expanding her knowledge in Cybersecurity, and DevSecOps.","url":"https:\/\/gitprotect.io\/blog\/author\/daria-kulikova\/"}]}},"_links":{"self":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts\/7253","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/comments?post=7253"}],"version-history":[{"count":18,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts\/7253\/revisions"}],"predecessor-version":[{"id":7527,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts\/7253\/revisions\/7527"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/media\/7255"}],"wp:attachment":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/media?parent=7253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/categories?post=7253"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/tags?post=7253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} - Work local. <\/strong>Ensure the ability to code with local clones and offline workflows.<\/li>\n\n\n\n
- Back it up.<\/strong> Use automated backups for code, pipelines, issues, and boards. <\/li>\n\n\n\n
- Bitbucket experienced 22 incidents<\/strong> of varying impact, which together lasted more than 168 hours<\/strong>.<\/li>\n\n\n\n
- April stood out as the most turbulent month, with incidents accumulating to 330 hours and 6 minutes<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
- European users were particularly affected, accounting for 34% <\/strong>of all incidents on Azure DevOps.<\/li>\n\n\n\n