Azure DevOps

Azure DevOps discovered multiple critical vulnerabilities including SSRF and CRLF injection flaws in endpointproxy and Service Hooks components, allowing DNS rebinding attacks and unauthorized access to internal services with risks of data leakage and token theft.

Azure DevOps recorded 74 incidents in H1 2025, including a 159-hour performance degradation affecting Managed DevOps Pools. Multiple components (Pipelines, Boards, Repos, Test Plans) can be simultaneously affected, causing multi-day delays in builds and deployments.

Implementing solid CI/CD pipelines in Azure DevOps or GitHub Actions is complicated, with frequent failures due to build agent issues, variable management problems, and incorrect pipeline permissions.

Azure DevOps Server requires significant infrastructure setup and operational overhead, particularly for smaller teams. It has limited scalability for large projects compared to Azure DevOps Services (cloud version).

Manual deployment and testing processes create significant overhead, slow release cycles, and increase error rates. Automation is critical but often difficult to implement in Azure environments.

Developers struggle with slow feedback from CI/CD pipelines and flaky releases, requiring better monitoring, notification systems, and manual approval strategies.

DevOps and CI/CD transformation efforts often lack backing from senior management, making it difficult to secure resources, establish governance, and drive organizational adoption.