In the era of AI copilots and code generation tools, productivity is skyrocketing, but so is the risk of insecure, untested, or messy code slipping into production. How do you ensure it doesn’t introduce vulnerabilities, bugs, or bad practices? A widely adopted tool to help address these concerns is SonarQube. It provides a rich set of rules and quality gates to analyze code for bugs, test coverage, code smells, and security issues. But there’s a common pain point: the feedback loop. You often need to switch between your IDE and SonarQube’s results, breaking focus and slowing iteration. What if your…
Author: drweb
I think we might have forgotten this a bit, but on one of the pages, we have this title: A Meeting without an Objective is a Chat. You can see it below, with a few funny things. I don’t get too many meetings, at least not too often when I’m working remote. When I’m in the office, I’m usually there for meetings, and if I get 5, 6, or more a day, that’s fine. I do think that most of the meetings I’m involved in (outside of sales) are worthwhile and helpful. They tend to focus on topics or work that needs collaboration…
The resilience of DevOps platforms is being tested like never before. According to GitProtect.io’s just-released DevOps Threats Unwrapped: Mid-Year Report 2025, disruptions across the leading DevOps tools — GitHub, GitLab, Bitbucket, Jira and Azure DevOps — have grown not only in volume but in severity. The findings paint a stark picture: 330 incidents in the first half of 2025 alone, impacting developer velocity, business continuity, and cloud-native operations across the globe. If there was any doubt about the fragility of the DevOps ecosystem’s backbone, this report lays it to rest. GitHub, the most widely used source code repository in the world,…
As the software delivery cycle becomes more complex, engineering teams face increased pressure to achieve more with fewer resources. DevOps tooling is undergoing a silent revolution to meet these quick wins. The old way of building complex and heavyweight pipelines and workflows is constantly changing, giving room for a more streamlined and seamless automation-first approach. This is where simplicity, modularity, and cost matter as much as functionality. According to GitLab’s 2024 Global DevSecOps Survey, 64% of DevOps professionals say they need to consolidate their toolchains due to integration challenges, monitoring issues, and deployment delays. This toolchain is pushing engineering teams to…
In today’s fast-paced world of software development, product teams are expected to move quickly: building features, shipping updates, and reacting to user needs in real-time. But moving fast should never mean compromising on quality or security. Thanks to modern tooling, developers can now maintain high standards while accelerating delivery. In a previous article, we explored how Testcontainers supports shift-left testing by enabling fast and reliable integration tests within the inner dev loop. In this post, we’ll look at the security side of this shift-left approach and how Docker can help move security earlier in the development lifecycle, using practical examples.…
Analyzing casino odds isn’t just number-crunching; it’s a tug-of-war with probability, randomness, and outcomes that don’t always behave. Python helps, maybe more than most tools, because it gives you a quick way to poke at these systems from different angles. With libraries like random, numpy, and pandas, you can peel back the mechanics of games such as slots, blackjack, and roulette. Write a few scripts, simulate a few thousand trials, and suddenly you’re staring at probabilities and long-run strategy curves that feel uncomfortably honest. It’s not magic, just reproducible experimentation. And yes, the takeaway often nudges you toward the same…
Embracing Total Responsibility: In every organization there comes a moment when teams must choose between passing blame or owning every outcome. The mindset of extreme ownership calls on leaders and contributors alike to accept full responsibility for successes and failures. When accountability becomes a shared value, teams break free of negative cycles and move together toward clear objectives. This approach transforms ordinary managers into visionary stewards of innovation. Deepening the Principle of Total Responsibility: Extreme ownership does not mean assigning fault to yourself for every slip or setback. It means actively seeking lessons in every result. Leaders who embody this principle examine processes…
A survey of 785 development and security professionals working on embedded systems published this week finds 89% of organizations are already using artificial intelligence (AI) coding assistants, but 39% also noted that only certain developers are allowed to use them. Conducted by Censuswide on behalf of Black Duck Software, the survey also finds that 96% of respondents are integrating open source AI models into their products. Unfortunately, rapid adoption appears to be outpacing the development of necessary governance and security measures, with 21% of respondents lacking confidence in their ability to prevent AI from introducing security vulnerabilities. A total of 18% also admit…
If your Notion workspace feels more like a data graveyard than a command center, you’re not alone. I’ll show you how to connect SQL to your Notion setup so you can stop just tracking tasks and start making seriously smart, data-backed decisions. I practically live in Notion. It’s my hub for project management, content planning, and personal notes. Its flexibility is its greatest strength. But eventually, I hit a ceiling. A hard one. I wanted to dig deeper into my own data—to spot trends, analyze project timelines, or figure out why my team felt so overwhelmed. Notion, for all its glory,…
Generative AI (GenAI) is reshaping how software is built. Tools like GitHub Copilot, ChatGPT and Replit Ghostwriter have rapidly become indispensable in the modern development toolkit, promising increased throughput, reduced toil and faster time-to-market. They suggest code snippets, automate documentation, predict bugs, and even guide architectural decisions. We’re entering an era where developers don’t just write code; they collaborate with machines that do it for them. But this speed comes at a cost: a rising wave of exploitable vulnerabilities baked into AI-generated code. A paradox is emerging. The same tools enabling rapid innovation also reintroduce legacy vulnerabilities, spread insecure patterns, and inadvertently…