Google’s Gemini CLI Plan Mode enforces read-only research-first workflows—using higher-reasoning models for strategy, ask_user prompts for clarification, and read-only MCP integration—so agents propose vetted implementation plans before code changes
Tool Fragmentation is Breaking Delivery Context — Here’s What Teams are Learning
Explore the emerging crisis in application delivery caused by tool fragmentation in modern software development. This article discusses the need for semantic interoperability, context preservation, and a shift from linear pipelines to graph-based architectures to enhance efficiency and reduce cognitive load for developers
Secrets Management Failures in CI/CD Pipelines
Explore the critical role of secrets management in CI/CD pipelines and its impact on cybersecurity. This article highlights the risks of credential exposure, the importance of implementing strong security practices, and how organizations can ensure robust defenses against breaches and supply chain attacks.
4 Security Risks of AI Code Assistants
AI coding assistants can introduce vulnerabilities, privacy risks, and dependency issues. Learn key cybersecurity practices to safely use AI in software development.
Security Controls That Slow Teams Are Usually Poorly Designed
Discover strategies to enhance security controls in DevOps, emphasizing the shift from gates to guardrails and the importance of designing around real workflows.
Lessons from 2025: The Year “Agent Mitigation” Became a Thing
Explore the emergence of agent mitigation as a formal discipline in response to 2025’s AI failures, highlighting best practices for secure and reliable AI agent deployment.
Veracode Extends Scope and Reach of DevSecOps Portfolio
Veracode today updated its risk management tool to provide integration with Kubernetes runtime environments, increased integration with code repositories to make it simpler to identify the origin of vulnerabilities and, available shortly, an ability to add tags and classifications to help streamline remediation efforts.
Avoid Security Apathy with DevSecOps
Against the backdrop of rapid digital transformation accelerated by the pandemic, every industry has seen an increase in high-level cybersecurity breaches. As organizations continue to support distributed and remote work, organizations must address the risk of incomplete security policies and procedures resulting in exposure to IT risk of all kinds. SolarWinds recently revealed findings of […]
Our API Mess is Coming
APIs are the satisfaction of a long and deep need to be able to create consistent and reliable integrations between disparate systems, operating systems and datasets. As we started to use REST-based APIs, we also realized they fulfilled a previously little-addressed gap in automation. Frankly, they are a force multiplier in DevOps delivery. Early efforts […]
Managing Business Risk in a DevOps Context
We hear a lot in the industry about the importance of automation in DevOps to enable speed. However, there is another element that is often missing in the discussion – risk, compliance and security. Traditionally we have a zero-sum approach, where we need to either go fast or be safe and secure. It’s one or […]