For years, Bitnami has played a vital role in the open source and cloud-native community, making it easier for developers and operators to deploy popular applications with reliable, prebuilt container images and Helm charts. Countless teams have benefited from their work standardizing installation and updates for everything from WordPress to PostgreSQL. We want to acknowledge and thank Bitnami’s contributors for that important contribution. Recently, however, Bitnami announced significant changes to how their images are distributed. Starting this month, access to most versioned images will move behind a paid subscription under Bitnami Secure Images (BSI), with only the :latest tags remaining…
Author: drweb
You wouldn’t throw a new engineer into production with no documentation, no context, and no support. Yet that’s exactly how many teams are treating AI agents. As autonomous systems and LLM-based agents begin taking on responsibilities once reserved for humans, their onboarding is emerging as a DevOps function just as vital as CI/CD, observability, or access control. AI agents aren’t magic. They need well-defined environments, scoped permissions, data pipelines, and feedback loops to succeed. If DevOps doesn’t take ownership of onboarding them, you’re not deploying intelligence — you’re releasing liability. AI Agents are Entering Production Faster Than You Think AI agents are already…
Kumar Chivukula, co-founder and CEO of Codeglide.ai (a subsidiary of Upsera), explains why the rise of the Model Context Protocol (MCP) is reshaping how enterprises connect APIs to large language models. For years, APIs have served as the backbone of data access, but they were never designed with AI in mind. They lack memory, context, and intent awareness—forcing developers to bolt on brittle glue code every time models change.Anthropic’s introduction of MCP earlier this year marked a turning point, offering a standardized way to make APIs context-aware and AI-ready. But as Chivukula points out, adopting MCP isn’t just about creating…
Software development has never been tidy, but the current landscape feels more chaotic than ever. Shannon Mason, chief strategy officer for Tempo, dives into why software engineering workflows remain chaotic and what teams should be doing to try and restore application development order.Developers today face a relentless push to innovate while keeping complex codebases running securely and efficiently. AI has been billed as the great productivity booster, but early research paints a more nuanced picture. Cornell studies and MIT reports show that while AI tools can accelerate work for junior engineers or greenfield projects, they often slow down experienced developers…
At least one bad actor is targeted the Nx build system package in a supply chain attack this week, in which they stole a Nx NPM token that allowed them to publish malicious versions of the package to the registry and steal credentials and other data.The maintainers of the Nx this week alerted users to the attack, writing that “malicious versions of the Nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user’s accounts.”At the center of the attack…
In the era of AI copilots and code generation tools productivity is skyrocketing, but so is the risk of insecure, untested, or messy code slipping into production. How do you ensure it doesn’t introduce vulnerabilities, bugs, or bad practices? A widely adopted tool to help address these concerns is SonarQube. It provides a rich set of rules and quality gates to analyze code for bugs, test coverage, code smells, and security issues. But there’s a common pain point: the feedback loop. You often need to switch between your IDE and SonarQube’s results, breaking focus and slowing iteration. What if your…
I think we might have forgotten this a bit, but on one of the pages, we have this title: A Meeting without an Objective is a Chat.You can see it below, with a few funny things.I don’t get too many meetings, at least not too often when I’m working remote. When I’m in the office, I’m usually there for meetings, and if I get 5, 6, or more a day, that’s fine.I do think that most of the meetings I’m involved in (outside of sales) are worthwhile and helpful. They tend to focus on topics or work that needs collaboration…
The resilience of DevOps platforms is being tested like never before. According to GitProtect.io’s just-released DevOps Threats Unwrapped: Mid-Year Report 2025, disruptions across the leading DevOps tools — GitHub, GitLab, Bitbucket, Jira and Azure DevOps — have grown not only in volume but in severity. The findings paint a stark picture: 330 incidents in the first half of 2025 alone, impacting developer velocity, business continuity, and cloud-native operations across the globe.If there was any doubt about the fragility of the DevOps ecosystem’s backbone, this report lays it to rest. GitHub, the most widely used source code repository in the world,…
As the software delivery cycle becomes more complex, engineering teams face increased pressure to achieve more with fewer resources. DevOps tooling is undergoing a silent revolution to meet these quick wins. The old way of building complex and heavyweight pipelines and workflows is constantly changing, giving room for a more streamlined and seamless automation-first approach. This is where simplicity, modularity, and cost matter as much as functionality. According to GitLab’s 2024 Global DevSecOps Survey, 64% of DevOps professionals say they need to consolidate their toolchains due to integration challenges, monitoring issues, and deployment delays. This toolchain is pushing engineering teams to…
In today’s fast-paced world of software development, product teams are expected to move quickly: building features, shipping updates, and reacting to user needs in real-time. But moving fast should never mean compromising on quality or security. Thanks to modern tooling, developers can now maintain high standards while accelerating delivery. In a previous article, we explored how Testcontainers supports shift-left testing by enabling fast and reliable integration tests within the inner dev loop. In this post, we’ll look at the security side of this shift-left approach and how Docker can help move security earlier in the development lifecycle, using practical examples.…