There was a time when compliance meant a quarterly ritual. Someone from security would walk over with a spreadsheet, ask a few questions, tick a few boxes and disappear until the next audit cycle. The infrastructure team would scramble to prove that yes, encryption was enabled, and no, that S3 bucket was not public anymore. Everyone felt relieved, went back to shipping features and quietly hoped nothing would drift before the next review. That model is dead; it just hasn’t been buried yet. The problem is not that teams lack security awareness. Most engineering organizations today understand that vulnerabilities need catching early and that production environments need hardening. The problem is that compliance has historically lived…
Author: drweb
Akuity this week at the KubeCon + CloudNativeCon Europe conference revealed it has added an ability to customize the steps used to promote applications into a production environment using a Kargo orchestration engine it developed to manage software using a GitOps workflow. Company CEO Hong Wang said the Custom Steps capability added to Kargo will enable software engineering teams to define any promotion logic as a native step in a pipeline, including, for example, running a policy check or security scan. The overall goal is to eliminate the need to create custom scripts or rely on manual processes to extend…
The supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and LiteLLM being the latest victims of the sophisticated campaign. The threat group behind it, TeamPCP, is using the attacks to create persistence and to steal credentials and sensitive digital keys from organizations. “The TeamPCP stealer’s primary function is harvesting credentials from CI runner memory,” Sysdig threat researchers wrote. “When a compromised Trivy action executes in a workflow, it extracts GitHub personal access tokens (PATs) and other secrets from…
The pitch is irresistible. An AI agent that investigates your 2 a.m. production incident, correlates signals across dozens of services, cross-references your runbooks and hands you a root-cause analysis before your on-call engineer has finished rubbing their eyes. This is the promise of AI reliability engineering (AIRE), and in 2025, a wave of startups and incumbents are racing to deliver it. What the pitch decks don’t show you is the gap between buying the tool and actually benefiting from it. Most organizations are not ready, and the ones that are discovering this the hard way are doing so at the worst possible time: In the middle of an outage. The AIRE Landscape is Moving…
DevOps has changed fast in the last decade. Scripts became pipelines. Pipelines became platforms. Now, AI agents in DevOps automation are leading the next wave. Today’s cloud systems are complex. Teams manage containers, microservices and hybrid clouds. Manual work slows them down. Traditional automation also struggles with scale. That is why AI agents in DevOps automation are gaining attention. Many organizations now partner with an experienced AI development company to design intelligent systems that support automation at scale. These systems help teams reduce manual effort while improving accuracy. These agents do more than follow rules. They observe systems, learn from data and act on their own. Many teams…
I previously wrote about how the underlying technology for Fabric mirroring changed with SQL Server 2025. The latest version of mirroring that uses the SQL Server Change Feed is reading from the database transaction logs and pushing the data to a landing zone in OneLake. The data is then merged into the Delta tables for the Fabric mirrored database. In this blog post, we will look at how to monitor this process, both in SQL Server and in Fabric. Monitoring in the Fabric Portal The item page for the mirrored database in the Fabric portal shows replication status for the database overall…
LocalStack at the KubeCon + CloudNativeCon Europe conference this week unveiled a revamped command line interface (CLI), dubbed 1stk, for its framework that enables emulations of Amazon Web Services (AWS) environments to be run on a local machine. The CLI in version 3 of the AWS 2026 edition of the framework, in addition to providing a single binary that is easier to install, also adds a Terminal UI (TUI) that walks developers through steps such as authentication or setting up an AWS profile. Additionally, it offers better log viewing, which is now also turned off by default. At the same…
In this episode, we hear from two sisters who put together a beginner’s book about Python. The unique hook for their book is that one sister wrote the text while the other did the illustrations. Listen in as we learn about these incredible sisters and how they got into software programming, writing, and technical education. You can check out their book, Python Illustrated, on Packt or Amazon. Maaike is a Udemy instructor, and she also has courses on Pluralsight. This episode was originally published on The Python Show!
Last December, the International Telecommunication Union (ITU), the United Nations’ (UN) body for information and communication technologies, supported Open Cybersecurity Schema Framework (OCSF) for ratification as an international standard by June 2026. Standardization is now a global necessity as governments worldwide integrate ITU standards into their national cybersecurity policies. First, What is OCSF? The OCSF provides a standardized approach to streamline security operations, improve threat detection, and accelerate incident response. This unlocks the full potential of security data. A standardized schema for security events normalizes data from various sources, which creates a unified foundation for advanced analytics and AI-powered tools. This standardization is crucial…
A few days ago, I published my proposition of the Claude Code template for a typical Spring Boot application in this GitHub repository. The level of interest in this repository has exceeded my highest expectations. I’ve received a lot of feedback from you, but I’m looking forward to more. Of course, the project itself is still under development. So if you’d like to provide feedback or have ideas for improving it, I encourage you to create issues, pull requests, or visit the “Discussions” panel, which I’ve enabled for this repository. If you’re interested in Java and Spring Boot applications, particularly…
