The latest News and Information on Continuous Integration and Development, and related technologies.

Cooldown policies - Block malicious packages at the index

Every dependency pull is a trust decision. Public registries don't vet what they serve. Cooldown policies give you a gate at the moment that matters most: when a package first enters your environment. Dan McKinney (Solutions Engineering Manager) walks through how Cloudsmith's cooldown policies work and how to configure one in under five minutes. What Dan covers.

Chunk sidecars: Inner Loop Validation for AI Coding Agents

Your agent writes code fast, but you shouldn't have to see it until it's right. Chunk sidecars are lightweight microVMs that work inside the agent loop, requiring agents to pass pre-push validation in a CI-like environment before they declare they're "done." That means no massive CI pile-ups, no long round-trips that risk resetting your agent's context. You're sending code you already know is good.

Track Deployment status for your PRs (Beta)

You shouldn’t have to leave your PR list to know where your code is deployed. Yet, developers constantly lose time context-switching just to see if a change hit staging or production. To solve this, we are launching the Beta version of Deployment Status Tracking for your PRs. This feature surfaces live deployment statuses directly within your PR list view as code moves through your pipeline.

Why CI/CD Pipelines Miss Runtime Failures

A CI/CD pipeline does four things: it builds code, runs tests against mocked dependencies, lints for style violations, and scans for known vulnerability patterns. What it cannot do is validate how that code behaves under real users, real service responses, and real runtime constraints that staging was never configured to reproduce. That entire class of failure clears every gate cleanly and surfaces only in production.

The Miasma worm explained: How it Hit Red Hat and Microsoft

Miasma has already hit Red Hat and 73 Microsoft GitHub repos. Here's how it works and what your team can do right now. Nigel Douglas, Head of Developer Relations at Cloudsmith, breaks down the Miasma worm – a self-replicating supply chain attack and evolved variant of Mini Shai-Hulud from threat group TeamPCP. Learn how Miasma uses the yo-yo attack method to move laterally across registries and workstations, why conventional scanners missed it, and the practical steps security teams can take today, including cooldown policies and continuous risk assessment.

Agent Hooks + Chunk sidecars: Stop Broken AI Code Before It Hits CI

AI agents write code fast, but the feedback loop usually can't keep up. In this tutorial, you'll see how to wire Chunk sidecars into your agent's hooks so basic failures get caught before they ever reach your CI pipeline. We'll walk through the two hooks that chunk init writes automatically: Both hooks return exit 2 on failure, blocking the commit or keeping the turn open so the agent can fix its own mistakes with no manual prompting required.