Skip to main content

Posts

Why Developer Workstations Have Become a Critical Part of the Software Supply Chain

For years, software supply-chain security discussions focused on centralized infrastructure such as build servers, package registries, and CI/CD systems. Recent attacks suggest that this view is incomplete. The Megalodon campaign injected malicious GitHub Actions workflows into thousands of repositories, while a separate incident involving a malicious Visual Studio Code extension demonstrated how a single compromised developer device can expose large volumes of source code and internal assets. These incidents highlight a growing reality: developer workstations are now a critical part of the software supply chain. The scale of the threat continues to grow. Sonatype identified more than 454,000 new malicious open-source packages in 2025 alone, pushing the cumulative number of known malicious packages across major repositories beyond 1.2 million. Many of these campaigns are designed specifically to target developer environments, CI/CD systems, and credential stores rather than end user...
Recent posts

Ten Great DevOps Job Opportunities

DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for DevOps professionals to advance their careers. Of course, the pool of available DevOps talent is still relatively constrained, so when one DevOps professional takes on a new role, it tends to create opportunities for others. The ten job postings shared this week are selected based on the company looking to hire, the vertical industry segment and naturally, the pay scale being offered. We’re also committed to providing additional insights into the state of the DevOps job market. In the meantime, for your consideration. Greenhouse Inflection AI Palo Alto, CA Senior DevOps Engineer (AI & Cloud Infrastructure) $175,000 to $250,000 NABIS Remote, US Senior DevOps Engineer $145,000 to $165,000 Trovo Health Ne...

IBM Bob Gets Multi-Agent Muscle and a Cost Dashboard for Enterprise Coding

IBM has rolled out a significant update to Bob, its agentic software development platform, adding multi-agent coordination, built-in spend tracking, and three prebuilt workflows aimed at some of the toughest modernization jobs in enterprise IT: Mainframe COBOL, IBM i, and large Java codebases. The update lands as most engineering organizations are running into a problem nobody predicted a year ago: AI made writing code the easy part. A recent GitLab survey found that 85% of respondents agreed that AI has shifted the main bottleneck from writing code to reviewing and validating code. IBM cites that same data point in its announcement, and it’s clearly shaping how the company is positioning Bob’s next phase. Bob isn’t new. IBM introduced it earlier this year as its answer to tools like Claude Code and OpenAI’s Codex, and it made a splash at IBM’s Think 2026 conference, where it reportedly became one of the most talked-about releases on the show floor. Under...

GitHub’s Redesigned PR Inbox Tackles the Review Bottleneck AI Created

GitHub has made its overhauled pull requests dashboard generally available, giving developers and engineering managers a single view at github.com/pulls to track, prioritize, and act on the pull requests that need their attention. The dashboard moves out of public preview after a rollout that started in March 2026 and shifted to opt-out preview in April. The centerpiece is Inbox, a home base that <cite index=”1-1″>surfaces review requests, pull requests that need fixing due to CI failures or new comments, and pull requests that are ready to merge or sitting in the merge queue</cite>. Developers can reorder or hide sections to fit their own workflow, and filter by repository or recent activity to cut through the noise. Saved views are the other major piece. Instead of relying on browser bookmarks to jump back to a specific filter, developers can now <cite index=”1-1″>create, edit, and organize custom views based on their most-used search querie...

IBM and Red Hat Launch Lightwell Catalog to Automate Remediation

IBM and Red Hat this week revealed that Lightwell Network , a catalog of more than 6,500 application-layer dependencies that drives an automated vulnerability remediation service, is now generally available. At the same time, the Lightwell Clearinghouse Premier service, through which application development teams can both access validated patches and coordinate remediation efforts, is now available to a limited number of organizations. Ben Breard, a senior principal product manager at Red Hat, said collectively these two offerings will make it simpler for organizations to address 30 years of technical debt that is now being exposed by artificial intelligence (AI) models that make it possible to discover vulnerabilities and create exploits in a matter of hours. At the core of the Lightwell service is a remediation engine that software engineers are using to help identify, validate, and remediate vulnerabilities across critical dependencies embedded deep within modern software archit...

Why Your Best People Can’t Save a Broken Delivery System

When delivery falls apart, the reflex is to blame the team. Missed dates, quality slips, a burned-out squad — leadership tends to reach for a personnel fix and quietly move on. The uncomfortable pattern in most enterprise organizations is that the system itself is the failure mode. Decision latency, priority misalignment, and layers of governance that were designed for a slower era grind against the very people leaders keep asking to grind harder. Talented engineers cannot outrun a delivery pipeline that is structurally set up to stall. Marnus Marx, founder and Delivery Confidence Coach at Elanvia Consulting, joined Alan Shimel to unpack what that structural failure actually looks like from the inside. Marx came up through Unix and Linux systems before moving into DevOps and delivery coaching, which shapes how he diagnoses these breakdowns — as engineering problems in the socio-technical system, not character flaws in the humans stuck inside it. His frame of “delivery confidenc...

Why AI-Driven Devops is Exposing the Limits of Traditional Toolchains and What Comes Next for Engineering Teams in 2026

Modern software delivery has crossed a threshold where speed is no longer the differentiator, but a stress test for the entire engineering system. AI-assisted development has created a new baseline expectation where features, fixes and even architectural changes can be generated in minutes rather than days. This acceleration feels like progress, yet it exposes a structural weakness that has been building for years inside DevOps practices. Traditional DevOps was designed around human-paced iteration cycles. Code was written, reviewed, tested and deployed in relatively predictable sequences. AI changes this rhythm entirely by compressing multiple stages of development into a single generative step. A developer can now produce what looks like a complete service, including tests and infrastructure definitions, in one session. The pipeline is no longer dealing with incremental change, but with sudden bursts of high-volume transformation. This creates an operational paradox. Systems are f...