Today we are pleased to announce that CircleCI has acquired Ponicode, a Paris-based AI engine for analyzing source code, with the goal to help developers produce better code in their local development environment. Ponicode caught our attention with their dedicated focus to helping developers handle their least favorite tasks — the toil surrounding writing code — such as authoring tests, commenting code, analyzing code quality, and more.

A few days ago, security researcher Max Kellermann published a vulnerability named DirtyPipe which was designated as CVE-2022-0847. This vulnerability affects the Linux kernel and if exploited, can allow a local attacker to gain root privileges. The vulnerability gained extensive media follow-up, since it affects all Linux-based systems with a 5.8 or later kernel, without any particular exploitation prerequisites.

Your entire tech stack is likely in the Cloud - so why aren’t your software packages?

Technologies such as serverless computing frameworks and CI/CD automation tools help accelerate software development lifecycles (SDLC) to give development teams a competitive edge in the marketplace. Armed with these technologies, teams can deploy and innovate faster and more frequently by automating repetitive tasks and eliminating the need to manage or provision servers.

Ten years ago, tools like Jenkins were first-class automation platforms for your CI pipelines. The jump from lower-level tools and custom scripts to tools like Jenkins created dramatic improvements. Now, a new generation of web-based tools are available. They provide a platform for the next leap forward for product build automation. This long history means that many mature organizations use Jenkins for CI.

CircleCI webhooks open up a variety of exciting use cases, from data logging and integrations with third-party monitoring and observability solutions to setting up your own custom dashboards to monitor pipeline health. To ensure that you can properly monitor events, resolve authentication errors, and also access the information contained within them, you need a reliable process to debug any errors you might encounter.

When automated software delivery runs smoothly, it can whisper, and quietly attend to itself. But when your delivery and distribution pipeline runs into a problem, it must shout. Boosting the volume of Artifactory and Distribution change events and issues through PagerDuty can help ensure they’re heard by everyone whose job it is to monitor your software delivery pipeline.

RESTful API projects often require that developers grant temporary access to a particular resource. Sometimes this happens within a specific interval, such as a few days or months. Revoking permissions when they expire could mean including extra logic during the authentication process or writing a middleware function to attach to the secured endpoint. Or, this logic could be abstracted to a separate part and configured to check and manage permissions at a regular interval.

A quick walkthrough of getting set up with a private repository for Terraform Modules on Cloudsmith, including uploading and downloading modules.

Every technical team in the software industry is familiar with technical debt. That is because every software team incurs technical debt along the way. This article answers some critical questions about technical debt. It reviews what technical debt is and what its causes are, why it is essential to address technical debt, and how this debt accumulates.