Secure Code Warrior has made available a set of security rules for application developers using artificial intelligence (AI) tools to generate code.Company CTO Matias Madou said the AI Security Rules made available on GitHub are intended to encourage developers to review code generated by AI for security issues that these tools may inadvertently introduce. Most AI tools were trained using samples of code that were randomly collected from across the web. As such, they can introduce vulnerabilities simply because they were trained using code that contains similar flaws, noted Madou.Additionally, the AI Security Rules encourage developers to establish guardrails that…
Author: drweb
If you’ve spent any time wrangling data pipelines, you know that Apache Airflow is a staple in the orchestration world. Whether you’re scheduling ETL jobs, triggering ML workflows, or orchestrating DAGs across environments, Airflow is the go-to tool. But with great power often comes great complexity–especially when it’s time for an upgrade.Apache Airflow 3.0 is not just another version bump. It’s a fundamental shift that touches every part of the platform–from DAG parsing to task execution, API behavior to UI responsiveness. In this post, we’ll dive deep into the key updates and answer the most important question: Is it worth…
How to Build, Run, and Package AI Models Locally with Docker Model Runner Introduction As a Senior DevOps Engineer and Docker Captain, I’ve helped build AI systems for everything from retail personalization to medical imaging. One truth stands out: AI capabilities are core to modern infrastructure. This guide will show you how to run and package local AI models with Docker Model Runner — a lightweight, developer-friendly tool…
Throughout my tenure as a DevOps cloud solutions architect, I’ve consistently observed a profound and persistent challenge in modern cloud environments: the relentless, yet often insidious, phenomenon of configuration drift. While change is an inherent and necessary component of agile development, its uncontrolled proliferation subtly erodes infrastructure integrity. Configuration drift, the divergence of deployed infrastructure from its source-defined configuration, has emerged as a critical vulnerability, particularly within the complex AWS environments I’ve managed, orchestrated by infrastructure as code (IaC) tools like Terraform. The genesis of drift is multifaceted: Whether it’s manual edits in the AWS Console, stealthy shadow automation scripts deployed…
How to Build, Run, and Package AI Models Locally with Docker Model Runner Introduction As a Senior DevOps Engineer and Docker Captain, I’ve helped build AI systems for everything from retail personalization to medical imaging. One truth stands out: AI capabilities are core to modern infrastructure. This guide will show you how to run and package local AI models with Docker Model Runner — a lightweight, developer-friendly tool…
Many infrastructure technology teams believe they have mastered infrastructure automation, but the data tells a different story. We commissioned a survey to explore the state of infrastructure automation, and this research uncovered a stark gap between perception and reality. While 45% of organizations believe they have achieved a high level of infrastructure automation, only 14% exhibit the behavior and technology patterns of infrastructure automation excellence. This is one of the illuminating findings of our survey of 413 infrastructure tool purchase decision-makers and influencers, conducted by Panterra. Full results are detailed in “The State of Infrastructure Automation” report, available for download. What I…
Docker State of App Dev: Security In the evolving world of software development, one thing is clear — security is no longer a siloed specialty. It’s a team sport, especially when vulnerabilities strike. That’s one of several key security findings in the 2025 Docker State of Application Development Survey.
Ty is a brand new, extremely fast Python type checker written in Rust from the fine folks at Astral, the makers of Ruff. Ty is in preview and is not ready for production use, but you can still try it out on your code base to see how it compares to Mypy or other popular Python type checkers. Getting Started with ty You can try out ty using the online playground, or run ty with uvx to get started quickly: uvx ty If you prefer to install ty, you can use pip: python -m pip install ty Astral provides other installation methods…
I decided to update software on my laptop recently during a trip. I’m loathe to do this on most trips, as I don’t want any instability before a presentation. Usually once I hit the airport, I don’t change anything.This time I’m visiting a few customers and don’t need to use my computer. I’ll be taking notes on paper, and while working in the hotel, I decided to upgrade Rancher Desktop after a notification, as well as SSMS, VS, and a few other pieces of software. I decided to patch my SQL Servers as well, which was easy. This post shows…
The mainframe powers large – and vital – elements of the global economy. Mainframe DevOps and new innovations offer the potential for delivering greater value, faster. Yet market data suggests significant challenges in achieving it. What can be done to beat the bottlenecks in mainframe delivery? The Mainframe: Powering the Future of Enterprise ComputingThe mainframe market comprises thousands of well-known, successful organizations and institutions worldwide. These organizations span the financial services, insurance, retail, logistics, transportation, and government sectors, among others, serving millions of clients. Their IT infrastructure is among the most active, processing billions of transactions as they support vast areas…