Report 2024 Edition

The State of DevOps Threats with the best recommendations

Building DevSecOps awareness is a team effort, hence we prepared a report focusing solely on practical examples, use cases, which will provide you with only the best [and tested] recommendations.

This report covers:

  • The major outages and security incidents to learn from
  • Review of 2023 GitHub, GitLab, and Atlassian issues
  • DevOps security: best data protection practices
  • Recommendations + list of additional resources
The State of DevOps Threats
NHS
Wharton
Zoop
HEMA
RED
State of California
Turntide
Mobica
Telecom
All-in-One GitHub Backup Platform

Dive deep into DevOps threats
- incidents post mortem

  • gear

    The Atlassian 22’ outage

    Human error was the culprit of the longest Atlassian downtime in history [2 weeks+]

  • servers

    GitLab database incident

    In 2017 GitLab suffered major backup failure after data deletion incident

  • shield

    Ransomware and repository wipes

    Organizations are losing access to data within their repos, are experiencing downtime, and data leak

Still think your data is already backed-up?

SaaS providers operate in the Shared Responsibility Model. As such, they are responsible for the entire cloud infrastructure, but limit the responsibility for data protection at the account level.

GitHub GitHub Terms of Service

You understand that use of the cloud products necessarily involves transmission of your data over networks that we do not own, operate or control, and we are not responsible for any of your data lost, altered, intercepted or stored across such networks. We cannot guarantee that our security procedures will be error-free, that transmissions of your data will always be secure or that unauthorized third parties will never be able to defeat our security measures or those of our third party service providers.

Make sure yourself
Bitbucket Atlassian Security Practices

We do not use these backups to revert customer-initiated destructive changes, such as fields overwritten using scripts, or deleted issues, projects, or sites. To avoid data loss, we recommend making regular backups.

Make sure yourself
GitLab GitLab Subscription Agreement

Customer is responsible for implementing and maintaining privacy protections and security measures for components that Customer provides and controls.

Make sure yourself
Jira Atlassian Customer Agreement

(...) neither party will have any liability arising out of or related to this Agreement for any loss of use, lost data, lost profits, interruption of business or any indirect, special, incidental, reliance or consequential damages of any kind, even if informed of their possibility in advance.

Make sure yourself
Azure DevOps Microsoft Terms of Use

In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of software, documents, provision of or failure to provide services, or information available from the services.

Make sure yourself

Check other resources

Learn about DevOps backup best practices

DevOps Backup Best Practices
DevOps Backup Best Practices

DevOps Backup Best Practices

DevOps Backup Best Practices
DevOps Backup Cheat Sheet

DevOps Backup Cheat Sheet

Other Reports and Guides

Other Reports and Guides

DevOps Backup Use Cases

DevOps Backup Use Cases

DevSecOps X-Ray Newsletter

DevSecOps X-Ray Newsletter

Knowledge Base

Knowledge Base

YouTube Channel

YouTube Channel

GitProtect.io Blog

GitProtect.io Blog

Page 1
Page 2
Page 3
Page 4
Page 5
Page 6
Page 7