At Transcend 2026, GitLab launched updates to optimize its DevOps platform for AI-generated code, featuring Next Gen Source Code Management, GitLab Orbit, and an AI Governance framework.
Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable
A critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, according to researchers with cybersecurity firm Tenable. In an advisory issued April 21, Rémy Marot, staff research engineer at Tenable, wrote that “by […]
‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses
In the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world embraced a two-part defense strategy. The widely adopted playbook called for disabling lifecycle scripts and using lockfiles. “It became the standard advice everywhere […]
Typosquat Supply Chain Attack Targets Go Developers
A backdoor that impersonates a widely used database module in the popular Go programming language can give hackers control of infected systems, according to a senior threat intelligence analyst with developer-focused platform provider Socket. The malicious package, which the threat actor first published in November 2021 and which remains in the Go Module Proxy, typosquats the […]
Fake Stars in GitHub a Growing Security Threat, Analysis Finds
There was a surge of inauthentic stars on code repositories in 2024, ramping up the threat of software supply chain attacks.
Why and How to Go All-In on GitOps
When you can manage every cloud native deployment using a GitOps approach, as a consequence, declarative and automated processes become baked into your culture and transform your business.
GitLab Fixes Security Flaw That Lets Attackers Run Pipeline Jobs
If left unpatched, the vulnerability in the code repository could let threat actors run malicious code and access sensitive information.
Security, Automation and Developer Experience: The Top DevOps Trends of 2024
If you want to know what’s truly changing in the world of DevOps – as opposed to which conversations are most hype-worthy – these are the places to look.
Best of 2023: ‘Scrum == Cancer’ ¦ Plus: Linux 6.5 Ships
In this week’s #TheLongView: Scrum sucks, sources say; and here comes the Linux 6.5 kernel.
Microsoft kills Python 3.7 ¦ … and VBScript ¦ Exascaling ARM on Jupiter
In this week’s #TheLongView: VS Code drops support for Python 3.7, Windows drops VBScript, and Europe plans the fastest ARM supercomputer.










