DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for DevOps professionals to advance their careers. Of course, the pool of available DevOps talent is still relatively constrained, so when one DevOps professional takes on a new role, it tends to create opportunities for others. The five job postings shared this week are selected based on the company looking to hire, the vertical industry segment and…
Author: drweb
Mar 23, 2026 Trivy supply chain compromise: What Docker Hub users should know On March 19, 2026, threat actors compromised Aqua Security’s CI/CD pipeline and used stolen credentials to push backdoored versions of the aquasec/trivy vulnerability scanner to Docker Hub. A second wave of compromised images followed on March 22. The malicious images contained an infostealer targeting CI/CD secrets, cloud credentials, SSH keys, and Docker configurations. This post summarizes what happened, what Docker did in response, and what you should do if you use Trivy. Read now
In today’s world, this might mean something different, but in 2010, we had this value:In our context, this was about being open and transparent. This is the text from the facing page:No gossiping, no intrigue, no pussy-fitting around problems and no telling people what you think they want to hear whist privately disagreeing. We will be transparent in our dealings.In a small company (2010 must have been 200-ish people), this made a lot of sense and I think overall we minimized politics. I don’t know this will ever be a “no politics” world for Redgate or any other, but we…
This article uses straightforward Spring Boot examples to illustrate how your application can inadvertently lose messages or process them twice due to the Kafka offset commit mechanism. It builds upon the scenarios discussed in two of my previous posts on Kafka and Spring Boot, offering deeper insights: Source Code Feel free to use my source code if you’d like to try it out yourself. To do that, you must clone my sample GitHub repository. Then you should only follow my instructions. How It Works Before diving into the exercise, let’s explore how Spring Kafka handles offset commit. By default, the Spring…
Sysdig this week at the RSA Conference (RSAC) revealed it has created a runtime that makes it possible to securely deploy artificial intelligence (AI) coding tools. Jonas Rosland, director of the open source program for Sysdig, said the runtime makes it possible to monitor the activity of AI coding agents in real time, including potential credential risks. It also enables investigation of incidents involving AI agent activity, he added. Additionally, AI agents can be prevented from opening sensitive files or bypassing credential controls. Risky command-line arguments that weaken safeguards, such as allowing unrestricted file writes, are also prevented. Dangerous activity…
GitHub is preparing a significant change to how it trains the AI models behind its Copilot coding assistant. Beginning April 24, the Microsoft-owned platform will collect user interaction data by default to improve its AI systems, unless users actively disable the setting. The update applies to individuals using Copilot Free, Pro, and Pro+ tiers. Enterprise and business customers are excluded, based on contractual protections often negotiated by larger organizations. For millions of individual developers, however, the shift introduces a new baseline: participation in AI training is automatic unless explicitly declined. “If you choose to help us improve our models with…
Product-market fit sounds abstract until you miss it. Harvard Business Review reports that 34% of startups fail because they never truly achieve product-market fit. That number isn’t about bad engineering. It’s usually about building something that works technically but doesn’t resonate with real users in real conditions. UI/UX design services exist to reduce that risk. Not by guessing. Not by polishing visuals. But by testing whether the product solves a problem people actually care about. Companies like Fuselab Creative approach product-market fit as a validation process, not a milestone you declare when growth starts. Product-Market Fit Is Behavioral, Not Declarative…
Embedded software development has traditionally followed a different rhythm than mainstream software engineering. Hardware availability drives schedules. Validation cycles are longer. Releases are deliberate. Documentation is extensive. For good reason, embedded systems often operate in safety-critical or highly regulated environments. However, expectations around software delivery have shifted. Connected products, over-the-air updates, security mandates and shorter market windows are creating new pressures for embedded teams. The result? Many organizations are exploring how DevOps principles can be applied — thoughtfully — to embedded environments. Why Embedded Teams are Revisiting Their Delivery Model Across industries such as automotive, medical devices, aerospace and industrial controls, a consistent pattern is emerging: Integration happens…
Python developers have never been more in demand. The language dominates data science, machine learning, automation, and backend development. But here is something that trips up a lot of otherwise talented developers when they start looking for senior roles or interviewing at companies that run production workloads: they can write elegant code but cannot explain the infrastructure it runs on. Ask a Python developer to build a data pipeline, and they will hand you clean, well-documented code. Ask them to explain the difference between IaaS, PaaS, and SaaS, or to describe how Azure Functions differ from an Azure Virtual Machine,…
Releases Welcome to PhpStorm 2026.1! This release brings new PhpStorm MCP tools, new third-party agents inside your IDE, support for Git worktrees, and lots of other productivity-enhancing features for PHP and Laravel developers. Download PhpStorm 2026.1 PhpStorm MCP tools In PhpStorm 2025.2, we added an integrated MCP server for third-party coding agents like Claude Code, Windsurf, or Codex to access and use your IDE’s tools. In 2026.1, we are extending the MCP server toolset with more PhpStorm features, including: Inspections and quick-fixes that enable agents to leverage PhpStorm’s powerful static analysis engine. IDE search capabilities, including PhpStorm’s structural search and…