Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

CI/CD

security, speed, DevOps

Cyber Threats to DevOps Platforms Rising Fast, GitProtect Report Finds

| | Azure DevOps, CI/CD, code repositories, Cybersecurity, DevOps platform downtime, devops security, extortion, GitHub security, GitProtect.io DevOps Threats report, GPUGate, JIRA, Kaspersky Lab, NPM security, Ransomware, Shai-Hulud
The number of incidents targeting DevOps platforms grew 21% in 2025, but the amount of downtime jumped almost 95%, the security firm said ...
DevsecOps software supply chain data, pipelines, data lineage

Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable

| | Aqua Security Trivy, CI/CD cyberthreats, exposed secrets, GitHub Actions, IANS Research, malicious code, microsoft, OWASP Top 10, remote code execution, software development security, software supply chain attacks, software vulnerabilities, Tenable
A critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, ...
From Code to Cloud: How Full-Stack Developers are Taking Over DevOps

From Code to Cloud: How Full-Stack Developers are Taking Over DevOps

| | CI/CD, devops, docker, full-stack developers, Terraform
Full-stack developers are taking on DevOps, using CI/CD, Docker and Terraform to own the software lifecycle from code to cloud ...
CloudBees Delivers on AI Promise to Improve Application Testing

CloudBees Delivers on AI Promise to Improve Application Testing

| | ai, application testing, CI/CD, cloudbees
CloudBees has made generally available an add-on for continuous integration/continuous deployment (CI/CD) platforms that uses artificial intelligence (AI) to determine which tests should be run first based on the likelihood there will ...
How AI is Shaping Modern DevOps and DevSecOps

How AI is Shaping Modern DevOps and DevSecOps

| | AI code assistants, AI in DevOps, CI/CD pipelines, devsecops, dora metrics
AI is reshaping DevOps and DevSecOps by improving CI/CD workflows, DORA metrics and security without adding unnecessary complexity ...
open source, software, security, open-source, Lineaje, Linux, open source, report, study, Open source code

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project

| | Axios, CI/CD, Google Threat Intelligence Group, JavaScript dependencies, Mandiant, North Korea, remote access trojan (RAT), Socket, sonatype, supply chain attack, TeamPCP
The threat actor targeted a highly popular open source project with more than 100 million weekly downloads, creating a large "blast radius." ...
continuous testing, strategy, cloud testing, plan, software testing, web application, testing, test, security, DevSecOps, Tools, API tools, testing, GenAI, SmartBear Redgate test engineers, AI-driven, Applitools SapientAI software, automated, PractiTest test automation continuous test low-code testing automation PagerDuty

The Trust Tax Framework: Measuring Developer Confidence in CI/CD Systems 

| | Automated Testing Culture, CI/CD Trust, continuous integration, Developer Experience (DevEx), DevOps metrics, flaky tests, Infrastructure Ownership, Mean Time to Confidence, Override Rate, Re-run Rate, Test Quarantine
Is your re-run rate over 30%? Discover the "Trust Tax" killing your DevOps ROI. Learn to manage flaky tests through automatic quarantine, contextual reporting, and cultural shifts ...
supply chain, software, Checkmarx, data, Endor, SCA, supply chain, security, workflows, supply chain, software, supply chain security, appsec, polyfill, software, supply chains, DevOps, DevSecOps, Google supply chain

Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM

| | AI (Artificial Intelligence), AI supply chain attacks, Aqua Security Trivy, Checkmarx, Cloud Security, credentials, exposed secrets, GitHub Actions, LiteLLM, microsoft, Palo Alto Networks, Sysdig, TeamPCP
The supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and ...
Two Malicious npm Packages Aim to Steal Credentials and Other Secrets

Two Malicious npm Packages Aim to Steal Credentials and Other Secrets

| | API Keys, CI/CD pipelines, credential theft, Data Exfiltration, exposed secrets, GitHub repositories, , malicious npm packages, sonatype
Bad actors took over a npm maintainer account and have published two malicious packages designed to steal credentials, API keys, and other secrets from the computers of victims who download them from ...
performance testing, CI/CD, building, Argo CD, pipeline, misconfigured, CI/CD, pipelines, pipeline, identity, zero trust, CI/CD, pipelines, AI/ML, database, DevOps, pipelines eBPF Harness CI/CD

The Future of AI in Software Quality: How Autonomous Platforms are Transforming DevOps

| | agentic AI, CI/CD pipelines, devops automation, software quality, static analysis
Agentic AI is transforming DevOps by embedding autonomous quality checks into CI/CD pipelines, improving code security, coverage and speed ...
ADM Palo Alto Networks Mendix CI/CD dependency AppSmith impact mapping

How OPA Changed Our Go-No-Go Forever

| | application release management, CI/CD, devsecops, OPA, policy as code
Learn how Open Policy Agent (OPA) transformed go/no-go releases from subjective meetings into automated, auditable, policy-driven decisions embedded directly in the CI/CD pipeline ...
Test Automation Strategy for Growing Software Teams

Test Automation Strategy for Growing Software Teams

| | CI/CD, DevOps practices, regression testing, software quality, test automation
Build a scalable test automation strategy that improves release speed, reduces defects, and supports growing software teams ...
Show More