For years, software supply-chain security discussions focused on centralized infrastructure such as build servers, package registries, and CI/CD systems. Recent attacks suggest that this view is incomplete. The Megalodon campaign injected malicious GitHub Actions workflows into thousands of repositories, while a separate incident involving a malicious Visual Studio Code extension demonstrated how a single compromised developer device can expose large volumes of source code and internal assets. These incidents highlight a growing reality: developer workstations are now a critical part of the software supply chain. The scale of the threat continues to grow. Sonatype identified more than 454,000 new malicious open-source packages in 2025 alone, pushing the cumulative number of known malicious packages across major repositories beyond 1.2 million. Many of these campaigns are designed specifically to target developer environments, CI/CD systems, and credential stores rather than end user...
DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for DevOps professionals to advance their careers. Of course, the pool of available DevOps talent is still relatively constrained, so when one DevOps professional takes on a new role, it tends to create opportunities for others. The ten job postings shared this week are selected based on the company looking to hire, the vertical industry segment and naturally, the pay scale being offered. We’re also committed to providing additional insights into the state of the DevOps job market. In the meantime, for your consideration. Greenhouse Inflection AI Palo Alto, CA Senior DevOps Engineer (AI & Cloud Infrastructure) $175,000 to $250,000 NABIS Remote, US Senior DevOps Engineer $145,000 to $165,000 Trovo Health Ne...