The resilience of DevOps platforms is being tested like never before. According to GitProtect.io’s just-released DevOps Threats Unwrapped: Mid-Year Report 2025, disruptions across the leading DevOps tools — GitHub, GitLab, Bitbucket, Jira and Azure DevOps — have grown not only in volume but in severity. The findings paint a stark picture: 330 incidents in the first half of 2025 alone, impacting developer velocity, business continuity, and cloud-native operations across the globe.
If there was any doubt about the fragility of the DevOps ecosystem’s backbone, this report lays it to rest. GitHub, the most widely used source code repository in the world, saw a 58% year-over-year increase in incidents. Azure DevOps suffered a 159-hour performance degradation in a single event. Jira, widely used for project and issue tracking, endured more than 2,390 hours of cumulative downtime—nearly 100 full days of disruption.
It’s clear: In 2025, the platforms we rely on to build software are showing signs of strain.
Azure DevOps: Stability Concerns Deepen with 74 Incidents
Azure DevOps topped the list in terms of the number of unique incidents, with 74 recorded from January through June. Some of these hit multiple components simultaneously, but one part of the platform stood out as the most unreliable: Pipelines, with 31 individual service disruptions — 21% of Azure’s total issues.
Other areas affected include:
- Boards: 28 disruptions (19%)
- Test Plans: 28 (19%)
- Repos: 27 (18%)
- Core Services: 16 (11%)
- Artifacts: 6 (4%)
The most severe event was a 159-hour global degradation that unfolded in January, significantly slowing down build and deployment processes for nearly a full week. Geographically, Europe absorbed the brunt of the fallout, accounting for 34% of incidents, while India and Australia saw fewer issues — just 4%.
GitHub: 109 Incidents and 330+ Hours of Downtime
GitHub’s status as the world’s go-to platform for open source and enterprise repositories makes its instability particularly alarming. In the first half of 2025, the platform logged 109 incidents, a 58% jump from H1 2024’s total of 69.
Breakdown of GitHub’s disruptions:
- 17 major incidents, causing 100+ hours of disruption
- 78 minor incidents, which still had productivity impacts
- May was the worst month, with 23 incidents
- April saw the longest cumulative downtime at 330 hours and 6 minutes
This is more than just an operations problem — it’s a developer experience issue that could impact everything from commit velocity to CI/CD reliability.
GitLab: 1,346 Hours of Disruption and a Major Data Breach
Though GitLab disclosed slightly fewer vulnerabilities than H1 2024 (65 vs. 70), it suffered 59 incidents totaling approximately 1,346 hours of service degradation.
Types of issues:
- Partial service disruptions: 20 incidents (34%)
- Degraded performance: 17 (29%)
- Operational issues: 10 (17%)
- Full service outages: 7 (12%), totaling over 19 hours of downtime
- Planned maintenance: 5 (8%)
One particularly alarming incident wasn’t about downtime — but data loss. Attackers breached GitLab repositories belonging to Europcar Mobility Group, stealing Android and iOS source code along with personal information of up to 200,000 customers. It’s a reminder that in today’s threat landscape, service uptime and cybersecurity are inextricably linked.
Jira: 66 Incidents, 100 Days of Downtime, and Ransomware on the Rise
Atlassian’s Jira suite faced 66 incidents in H1 2025 — a 24% increase over the same period last year. Combined, these incidents resulted in over 2,390 hours of disruption, equivalent to nearly 100 full days. The prolonged impact stemmed in part from an extended maintenance window that affected free-tier users in Singapore and Northern California, with some customers experiencing outages of up to 120 minutes each.
Breakdown of incidents by product:
- Jira: 52 disruptions (39%)
- Jira Service Management: 46 (35%)
- Jira Work Management: 24 (18%)
- Jira Product Discovery: 11 (8%)
Beyond technical failures, cyberattacks added a new dimension to Jira’s woes. The HellCat ransomware group leveraged stolen credentials to breach Jira instances at major companies, including:
- Telefónica
- Orange Group
- Jaguar Land Rover
- Asseco Poland
- HighWire Press
- Racami
- LeoVegas Group
These attacks weren’t just disruptive — they were damaging. They reveal how closely operational resilience and cybersecurity are converging in the DevOps age.
The Bigger Picture: DevOps Uptime is Now a Strategic Risk
“We are witnessing a clear upward trend in outages and disruptions across DevOps platforms, but also in the frequency and sophistication of ransomware attacks and source code thefts, demonstrating that traditional perimeter security is no longer sufficient,” said Greg Bak, Head of Product Enablement at GitProtect.io.
“Anticipating failures before they happen, paired with self-healing infrastructure and recovery strategies that go beyond just technology, will redefine how organizations safeguard uptime, data integrity and business continuity,” Bak continued.
In short, the DevOps stack isn’t just suffering growing pains — it’s facing an evolution in risk profile. As CI/CD pipelines become attack surfaces, and developer tools become threat vectors, the idea of resilience must expand from “uptime” to include backup, observability and fast recovery.
Read the Full Report
For more granular data and methodology details, visit the full report here.
