By establishing a robust DevOps foundation now, organizations can leverage these emerging predictive capabilities to transform reactive pipelines into proactive, self-correcting release architectures.
OpenTelemetry Achieves CNCF Graduated Project Status
The Cloud Native Computing Foundation (CNCF) today announced that the open source OpenTelemetry (OTel) project has officially graduated a little more than seven years after its initial adoption. Announced at the Observability North America Summit, OpenTelemetry was first donated to the CNCF in 2019 following the merger of separate OpenTracing and OpenCensus projects that sought […]
OpenSSF’s CRob: ‘The Runway Is Rapidly Running Out’ on EU CRA Readiness
The EU’s Cyber Resilience Act kicks into high gear this September, and companies are still clueless about how they must obey its strictures. MINNEAPOLIS — At Open Source Summit North America, Christopher “CRob” Robinson, Chief Security Architect for the Open Source Software Foundation (OpenSSF), spoke about the European Union’s (EU) Cyber Resilience Act (CRA). CRob […]
Widespread Mini Shai-Hulud Campaign Is a Matter of Trust
The latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI/CD pipelines, an issue that has been raised in recent months as bad actors increasingly turn their attention to DevOps environments. That said, these most recent Shai-Hulud incidents attributed to the TeamPCP group also […]
How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe
Modern applications rely on open source components for up to 90% of their code, creating a vast attack surface dominated by inhemalicious supply chain injections. High-profile incidents like Log4j and the sabotage of colors.js highlight that traditional scanning often fails to detect sophisticated “protestware” or dependency confusion, necessitating 19 practical controls focused on strict intake governance, dependency pinning, and behavioral monitoring to secure the development lifecycle.
IBM Bob Takes AI Coding Assistants to the Next Level
IBM Bob goes beyond AI-assisted coding to support the full software development lifecycle — with governance, security, and multi-model orchestration built in.
Cyber Threats to DevOps Platforms Rising Fast, GitProtect Report Finds
The number of incidents targeting DevOps platforms grew 21% in 2025, but the amount of downtime jumped almost 95%, the security firm said.
Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable
A critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, according to researchers with cybersecurity firm Tenable. In an advisory issued April 21, Rémy Marot, staff research engineer at Tenable, wrote that “by […]
Claude Code Routines: Anthropic’s Answer to Unattended Dev Automation
Anthropic’s Claude Code Routines let dev teams automate scheduled tasks, GitHub events, and API-triggered workflows from managed cloud infrastructure.
Microsoft Field Engineers Built a Six-Agent Research Pipeline in VS Code That Fact-Checks Its Own Output
Azure Global Black Belts Diego Casati and Ray Kao developed Project Nighthawk, a multi-agent system that automates deep technical research for AKS and ARO with 100% source-grounding
- 1
- 2
- 3
- …
- 78
- Next Page »