CI/CD
AI Is Accelerating DevOps, Poor Integrations Are Slowing It Down
As AI speeds up software delivery, the real bottleneck isn't scanning or CI. It's how safely and predictably change moves across tools, teams, and companies. Something strange is happening in DevOps right ...
IronWorm Malware Shares Shai-Hulud Traits, Takes Threat to ‘Next Level’
Jeff Burt | | ebpf, IronWorm, jfrog, malware, Miasma, OX Security, Rust programming language, Shai-Hulud worm, software developers, software supply chain attacks, TeamPCPOpen source software developers continue to come under attack, with the latest threat being a custom malware that shares many of the attributes of the notorious Shai-Hulud self-propagating worm but comes with ...
Shai-Hulud Clone ‘Miasma’ Compromises 32 Red Hat npm Packages
Jeff Burt | | Aikido Security, CI/CD (Continuous Integration/Continuous Deployment), Cloud Security, credential security, GitHub Actions, leaked secrets, npm malware, Orca Security, Shai-Hulud worm, TeamPCP, WizThe threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad ...
Postman Adds AI Agent to Automate API Development and Governance
Postman added an artificial intelligence (AI) agent to its portfolio of tools and platforms for building and governing application programming interfaces (APIs) that can autonomously perform tasks ranging from development and documentation ...
Sol Duara Readies Open Source Workflow Orchestration Platform for CD Foundation
Sol Duara, a provider of open source platforms for managing the software development lifecycle (SDLC), has announced its intent to contribute an open source orchestration platform for automating software development workflows to ...
CloudBees Survey Surfaces Increase in Production Issues Attributable to AI
A survey of 213 IT leaders, conducted by CloudBees, finds that while 93% report they are seeing productivity gains that are driven by increased adoption of artificial intelligence (AI) tools, a full ...
CI/CD Was Built for Deterministic Software — Agents Just Broke the Model
Alan Shimel | | agentic AI, CDCon, CI/CD, Deterministic Software, devops, Open Source Summit North AmericaCI/CD was built around a comforting idea: Software should do tomorrow what it did today, assuming the inputs are the same. That assumption sits underneath a lot of modern DevOps. It is ...
Widespread Mini Shai-Hulud Campaign Is a Matter of Trust
Jeff Burt | | 360 Privacy, AI supply chain attacks, Aikido Security, CI/CD security, credentials, Endor Labs, npm malware, Pathlock, Sectigo, Shai-Hulud worm, TeamPCP, trust in technologyThe latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI/CD pipelines, an issue that has been raised in recent months ...
Your CI/CD Pipeline Has Non-Human Identities You Forgot About
Jay Goradia | | CI/CD security, infrastructure access, non-human identities, pipeline automation, workload identityA deployment starts failing late on a Friday evening. The initial assumption is that something changed in the application release. Teams start checking container images, Terraform plans and recent commits. Nothing looks ...
AI-Generated Apps Without DevOps: A Security Disaster Waiting to Happen
Sannan Ali | | AI coding assistants, application security, CI/CD security, devops, Software Supply ChainA small internal tool was built over a weekend. An engineer used an AI coding assistant to generate most of the backend. A simple interface was added, a few API calls were ...
Beyond the Build: Integrating Security into CI/CD Pipelines
In today's fast-paced software development landscape, Continuous Integration and Continuous Deployment (CI/CD) pipelines are essential for delivering applications efficiently. However, the speed and automation they offer can inadvertently introduce security vulnerabilities if ...
The Trust Problem With AI Agents in Production Pipelines
AI agents boost DevOps pipelines, but confident failures create risk. Here’s how to design for calibrated trust and human oversight ...
