Checkmarx this week revamped its DevSecOps platform to include an orchestration framework for managing tasks assigned to artificial intelligence (AI) agents. Additionally, the company has added two additional artificial intelligence (AI) agents trained to triage vulnerabilities and remediate them using code it generates for review while at the same time adding an ability to discover AI software assets, including models, agents, datasets, prompts and AI bill of materials (AI-BOM) components, to make it simpler to consistently enforce policies. Finally, Checkmarx has also infused its static application security testing (SAST) and dynamic application security testing (DAST) tools with AI capabilities to…
Author: drweb
Stripe built Minions. Ramp built Inspect. Coinbase built Cloudbot. Three engineering organizations, working independently, arrived at similar architectural decisions for their internal AI coding agents. LangChain noticed the convergence and open-sourced the pattern. Open SWE, released March 17, is an open-source framework built on LangChain’s Deep Agents and LangGraph that provides the core architectural components for internal coding agents. The MIT-licensed project isn’t trying to be another AI coding assistant. It’s a customizable foundation for organizations that want to build their own — the way Stripe, Ramp and Coinbase already have. The Convergence What caught LangChain’s attention was that these…
If you do any kind of local web development on Linux, you have almost certainly run into the browser warning that says “Your connection is not private” while testing your own app on localhost. It is not a real security threat, you know that, but it is annoying, and more importantly, it creates a problem when you need to test features that browsers restrict to secure origins, such as service workers, geolocation, clipboard access, camera and microphone permissions, and HTTP/2. The standard workaround is to set up a self-signed certificate manually, which involves generating a CA, signing a certificate, trusting…
Arcjet today added an ability to detect and block risky prompts before they are shared with a large language model (LLM) embedded within an application. The Arcjet AI prompt injection protection capability is based on an LLM that the company has been specifically training to detect patterns indicative of risky prompts that can then be blocked using a runtime policy engine built using WebAssembly (Wasm). That approach makes it simpler to embed the Arcjet policy engine into application code and apply it to endpoints built with JavaScript, Python or frameworks such as the Vercel AI software development kit (SDK) or…
Docker Captains are leaders from the developer community that are both experts in their field and are passionate about sharing their Docker knowledge with others. “From the Captain’s Chair” is a blog series where we get a closer look at one Captain to learn more about them and their experiences. Today we are interviewing Naga Santhosh Reddy Vootukuri, known by his nickname Sunny. Sunny is a Principal Software Engineering Manager at Microsoft Azure SQL organization with 17+ years of experience in building cloud distributed scalable systems. He’s also a Dapr Meteor and an open-source contributor to Dapr and Microcks, both…
Working in DevOps long enough teaches you two universal truths:Engineers love spinning things up.Finance loves asking why the bill looks like a phone number.That’s exactly why I lean heavily on FinOps. For me, it’s not just a framework — it’s the reality check that keeps cloud engineering both technically smart and financially sane. The lifecycle is simple: plan smart, track everything, optimise constantly, stay visible, and keep everyone accountable.Start With RealityBefore anything exciting goes live, I sit down with finance, leadership, and engineers to figure out goals and realistic spending. I look at historical usage, upcoming workloads, and growth patterns…
Terms of Contract Contract Type: Part-time contract position, up to 20 hours per week. Engagement Type: Ongoing, project-based support across multiple active client projects. Location: Fully remote, within the U.S. and Canada. Potential for Ongoing Work: Initial 2-3 month engagement with potential for long-term ongoing work beyond the initial engagement. About the Role We are seeking a detail-oriented Manual QA Tester to support quality assurance efforts across multiple custom web application projects. This role is ideal for someone who thrives in a dynamic agency environment, can quickly context-switch between projects, and maintains structured, disciplined testing processes. You will work closely…
Finding duplicates was an interview question for me years ago, and I’ve never forgotten it. Recently I got asked how to easily do this and delete them, so I decided to write a couple of posts on the topic. This one looks at simple, single column IDs. The next one will look at more complex situations.Another post for me that is simple and hopefully serves as an example for people trying to get blogging as #SQLNewBloggers.A Simple ScenarioLike many people, I like identity fields for primary keys. However, lots of people build tables like this:CREATE TABLE PurchaseOrder ( poid…
Policy as code is usually framed as a compliance tool. It blocks insecure configurations, enforces internal standards, and helps teams prove they meet audit or regulatory requirements. That framing is accurate, but incomplete. The same mechanism can also reduce waste. In many organizations, cloud cost is still reviewed after resources are live and spend is already visible on the bill. By then, the expensive decision has already been made. Policy as code gives platform teams a way to shape those decisions earlier, before waste becomes part of the default path. Why Cost Problems Grow Quietly Cloud overspend rarely comes from…
Oracle released Java 26 on March 17, 2026, and while every six-month release comes with its own set of improvements, this one carries a broader message: Java isn’t just keeping pace with the AI era — it’s actively positioning itself as the infrastructure layer where AI workloads will run. For DevOps teams managing large Java estates, that’s worth paying attention to. The Scale of What You’re Already Running Before getting into what’s new, it helps to remember what’s already in place. According to a 2025 VDC study, Java is the number one language for overall enterprise use and for cloud-native…