Skip to main content

Posts

Harness Acquires Codecov to Identify Untested Code

Harness this week acquired Codecov , a provider of a platform that analyzes the percentage of a codebase that has been tested, from Sentry. Brad Rydzewski, a senior vice president and general manager for Harness, said Codecov makes it simpler for DevOps teams to track testing coverage at a time when the volume of code being created in the age of artificial intelligence is exponentially increasing. Codecov is already widely used by enterprises and maintainers to automatically run tests on any code that for one reason or another was not tested earlier in the software development lifecycle (SDLC). Going forward, Harness plans to integrate the data that Codecov generates in real time with the Harness Software Delivery Knowledge Graph to provide deeper insights across DevSecOps workflows as AI agents are integrated into workflows. Ultimately, the goal is to automate testing as much as possible while maintaining separation of duties between AI agents that write code and AI agents that te...
Post a Comment
Read more
Recent posts

Latest OpenTofu Release Simplifies Configuration Updates

The latest update to the OpenTofu infrastructure-as-code (IaC) tool is making it simpler to update and refactor configurations without having to rework the entire codebase. Version 1.12.0 of OpenTofu has added a destroy = false lifecycle option that enables DevOps engineers to drop an object from state without issuing a destroy application programming interface (API) call. Previously, any time a resource was updated or added an API call would try to destroy the actual infrastructure behind it. While DevOps teams could work around that issue by carefully maintaining state, the chances that something could go awry were fairly high. Now OpenTofu 1.12.0 allows DevOps teams to tie prevent_destroy to an input variable within the same module. Once set to default, the API call to destroy the IT infrastructure environment is overwritten. That per-stack variable configuration means DevOps teams can define the safety behavior once per environment and have it stay consistent across every run. ...
Post a Comment
Read more

Why the Trust Layer Is the Next Thing Developers Will Commodify

Engineering roadmaps inside enterprises that never planned to build AI products are now being eaten by AI work. Teams at hospitals, banks and government agencies are spending huge chunks of their sprint capacity wiring up models, UI components and accessibility plumbing for AI features that aren’t core to what their business actually does. The mismatch between where the work is going and where the value is created is starting to force a different conversation about what belongs in-house and what doesn’t. Mike Hideo, VP of Software Engineering at TinyMCE, joins Mike Vizard to argue that the next layer developers will commodify is the AI trust layer — the governance, control, provenance and UI components that wrap every LLM-driven feature. The case is straightforward: writing a prompt is cheap, but building reliable audit trails, permission models and accessible interfaces around AI output is the part teams keep rebuilding from scratch with every new model release. The conversation g...
Post a Comment
Read more

Survey Surfaces Pervasive Adoption of AI Across SDLC

A global survey of 2,501 IT and DevOps professionals at organizations with more than 150 employees published today finds more than two-thirds (68%) work for organizations that have implemented artificial intelligence (AI) across some or all their software delivery workflows. Conducted by Tricentis, a provider of a platform for testing software, the survey identifies enhanced quality and risk detection (37%), enhanced accuracy and consistency (36%) and improved test automation coverage (32%) as the top benefits of integrating AI into those workflows Overall, 53% manage between six and ten AI or automation tools across their software development lifecycle (SDLC). However, the survey also finds that 60% admit their application developers also regularly ship untested code into production environments. David Colwell, vice president of AI and machine learning at Tricentis, said that as more AI-generated code is created, the volume of code that has not been tested is increasing, which in ...
Post a Comment
Read more

Microsoft Brings AI Agents Directly Into the Windows Terminal

Microsoft just shipped Intelligent Terminal 0.1 — an open-source, experimental fork of Windows Terminal with native agent integration built in. It’s available now from the Microsoft Store or via WinGet ( winget install Microsoft.IntelligentTerminal ), and it installs alongside your existing Windows Terminal without replacing it. This is an early release, clearly labeled as experimental. But it’s a meaningful signal about where Microsoft thinks the terminal is going. What it Actually Does The core idea is straightforward: Instead of copying an error message, opening a browser, hunting through Stack Overflow, and then jumping back to your shell, you stay in the terminal. An AI agent is right there, aware of what’s on your screen. Intelligent Terminal adds a persistent agent pane — a docked, context-aware panel where you can interact with an AI agent CLI without leaving your workflow. GitHub Copilot CLI is the default, but the architecture is open. Any Agent Client Pr...
Post a Comment
Read more

Regression Testing Tools in the Age of AI-Assisted Development: What Has Changed

For most of the past decade, the conversation around regression testing tools was fairly stable. The tools got faster, the integrations got smoother, and the underlying approach stayed largely the same: write tests, run them in CI, fix failures. The fundamental model did not change much because the problem did not change much. AI-assisted development has changed the problem. When developers use AI coding assistants to generate significant portions of their codebase, the assumptions that most regression testing tools were built around start to break down in specific and consequential ways. The tools themselves have not been standing still – several have adapted meaningfully in response – but engineering leaders evaluating regression testing tools today are navigating a landscape that looks genuinely different from what it looked like three years ago. This article examines what has changed, which changes matter most for engineering teams, and how to think about selecting reg...
Post a Comment
Read more

Shai-Hulud Clone ‘Miasma’ Compromises 32 Red Hat npm Packages

The threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad actors can create their own variants. GitHub reportedly took down the repository shortly after it appeared, but the damage was already done, with multiple forks created, according to Datadog security researchers. The modular framework that the threat group, TeamPCP, put into the repository included tools for credential harvesting, supply chain poisoning, and encrypted data exfiltration aimed at developer workstations and CI/CD pipelines, increasingly popular targets for attackers. The released source code also indicated evolving capabilities for persistence through the integration of AI agents and for stealing via Sigstore provenance. “The open-sourcing of a production offensive framework is not unprecedented, but it’s unusual for an active campaign,” the researchers wrote in a report...
Post a Comment
Read more