GitProtect.io has released a report detailing a significant increase in outages and security incidents across key DevOps platforms, including GitHub, GitLab, Jira, Bitbucket, and Azure DevOps.
Report findings
The CISO's Guide to DevOps Threats, the latest publication from GitProtect.io, highlights that 2024 has been marked by notable growth in service disruptions and vulnerabilities affecting development teams worldwide. The report analyses incident data and the resulting impacts for some of the most widely used development environments, with a combined user base of approximately 1.2 billion.
Among the platforms surveyed, Jira exhibited a 44% year-on-year increase in reported incidents, rising from 75 in 2023 to 132 in 2024. These incidents caused an accumulated 2,131 hours of downtime, equivalent to 266 standard working days or nearly 13 full weeks of lost productivity. The study notes that the trend is persistent, recording a 63% increase in incident numbers compared to 2022. In the third quarter of 2024 alone, Jira users experienced over 7 hours of critical disruptions.
Bitbucket, another popular tool in the Atlassian suite, recorded 38 incidents in 2024, leading to more than 110 hours of downtime. With additional maintenance windows included, the total impact rose close to 200 hours, with more than 70 hours classified as critical or major disruptions.
GitHub and GitLab incidents
GitHub's service saw a reduction in the number of incidents, falling 25% to 124 events in 2024, down from 165 in the previous year. However, despite this improvement, users still contended with approximately 800 hours of degraded performance, translating to over 100 working days lost across 26 major and 97 minor incidents. The third quarter was particularly unstable, with 42 incidents noted.
GitLab faced a 21% increase in reported incidents, growing from 76 in 2023 to 97 in 2024. The platform also had to address 153 vulnerabilities and experienced 798 hours of service disruption. Just 44 incidents collectively contributed to over 585 hours of partial outage, and September stood out as a challenging month with 21 critical vulnerabilities resolved.
Azure DevOps impact
Azure DevOps, operated by Microsoft, was also affected by service interruptions. The platform suffered 826 hours of downtime across 111 incidents, disrupting services for a period equal to roughly 103 standard working days - approximately 28% of a typical working year. The report suggests these extended outages had a significant operational impact, noting that the lost time could amount to 8 to 10 completed hackathon cycles under normal circumstances.
Underlying causes
"The source of these numbers across all platforms is rarely limited to isolated technical failures. In most cases, they result from the growing complexity of DevOps environments and the lack of comprehensive, end-to-end visibility across the entire software delivery pipeline. The widespread adoption of distributed architectures, CI/CD practices, and multi-cloud infrastructures significantly increases the challenge of detecting vulnerabilities, enforcing consistent security policies, and responding to incidents in real time," explains Greg Bak, Chief of R&D at GitProtect.io. "Without a robust backup and disaster recovery strategy, even minor incidents can escalate into critical outages, data loss, or delays in software delivery. Resilience must be embedded into every phase of DevOps - from code repositories to production runtime," Bak added.
Industry context
The compiled data underlines the growing operational risks in a landscape increasingly reliant on complex integration, distributed systems, and continuous delivery methods. The report's analysis suggests that as organisations continue to adopt advanced development practices and multi-cloud environments, there is a corresponding rise in both the frequency and duration of service disruptions and security incidents.
The CISO's Guide to DevOps Threats also includes discussion of emerging cyber threats targeting DevOps environments - covering malware such as Lumma Stealer, NJRat trojans, fraudulent repositories, and various platform vulnerabilities. These findings indicate that security and continuity planning remain critical challenges for DevOps teams operating within today's interconnected software infrastructure.
