Skip to main content

Posts

Showing posts from June, 2026

Building a Simple Event-Driven Application with Datadog Workflows

Back in October 2022, I wrote a short blog post explaining how I automated our Datadog Marketplace sales cycle using a few AWS services and my first-ever Golang program. That basic, event-driven system saved our sales team several hours a week by replacing a manual process with something far more efficient. Even though the original setup worked well and ran reliably for a couple of years, it still required ongoing maintenance — such as upgrading Go versions, fixing minor issues from those upgrades and updating the HubSpot SDK I built when their APIs changed. It wasn’t broken, but it was becoming a bit of a time sink. With Datadog Workflows becoming more robust and available, I figured it was time for a refresh. Why not see what it could do? Breaking Down the Old Flow The original flow followed a pretty typical event-driven architecture pattern: Event producers, a router and a consumer. Producer: The customer’s Datadog instance, which triggered an event when a trial started. Email ...

Attackers Exploit SimpleHelp Flaw to Steal Info from AI Coding Assistants, Clouds

Threat actors are exploiting a known security flaw in the SimpleHelp remote monitoring and management (RMM) software to drop two previously unknown pieces of malware that can compromise a broad range of systems and steal massive amounts of sensitive data. Researchers with Blackpoint Cyber’s Adversary Pursuit Group said they detected an intrusion in which the adversaries abused a critical authentication bypass vulnerability — tracked as CVE-2026-48558 — to obtain an authenticated technician session without valid credentials on an internet-facing SimpleHelp server. “The compromised RMM platform provided the operator with a trusted administrative channel capable of transferring files and executing commands on systems managed through the server,” Nevan Beal, principal managed detection and response (MDR) analyst with Blackpoint, and Sam Decker, threat intelligence engineer, wrote in a report . The bad actors followed that by deploying TaskWeaver, a modular and highly obfuscated Node.js...

Configuration Drift in a Multi-Cloud World

Configuration drift is the gap between the infrastructure state declared in code and the state actually running in your environment. It occurs when resources are changed outside of your infrastructure as code (IaC) workflow, so the live system no longer matches its definition. In a single cloud, drift is usually straightforward to find and correct. Across multiple providers, it is harder to detect and more costly to leave unaddressed. Why Does Multicloud Make Drift Worse? Each provider has its own API, resource model, console, and defaults. A change made directly in one cloud does not resemble the equivalent change in another, so the signals used to detect drift differ in each environment. There is often no single source of truth that covers all providers, and tagging conventions and naming standards vary between accounts. As a result, the number of places where an undeclared change can go unnoticed increases with each cloud you add. The practical effect is that the documented stat...

Ten Great DevOps Job Opportunities

DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for DevOps professionals to advance their careers. Of course, the pool of available DevOps talent is still relatively constrained, so when one DevOps professional takes on a new role, it tends to create opportunities for others. The ten job postings shared this week are selected based on the company looking to hire, the vertical industry segment and naturally, the pay scale being offered. We’re also committed to providing additional insights into the state of the DevOps job market. In the meantime, for your consideration. Greenhouse HERE New York, NY Government DevOps Engineer – USA $145,000 to $185,000 Rocket Lab Littleton, CO DevOps Engineer II/Senior $115,000 to $170,000 Mixpanel Remote, US Software ...

From Phishing to Vishing: Why DevSecOps Must Rethink Communication Security

Key Takeaways: Vishing is the new frontline threat: Attackers are shifting from emails to phone-based scams, using AI and social engineering to bypass traditional security controls. DevSecOps must expand its scope: Securing code is no longer enough; communication channels like voice, chat, and messaging must be integrated into threat models and security pipelines. Human and technical defenses must work together: Strong architecture (encryption, authentication, Zero Trust) combined with employee awareness and verification practices is key to stopping modern social engineering attacks. As cybercriminals shift from email to phone lines, security professionals need to expand their scope. As a result, voice phishing or “vishing”, which involves social engineering through telephones or VOIP, is becoming increasingly common alongside traditional email phishing. Recent statistics indicate an exponential rise in vishing cases, which cost people over $1.2 billion in 2023. In this day and ...

Shift-Left Performance Testing in CI/CD: A Practical LoadRunner Framework

CI/CD pipelines speed up software delivery, but performance testing is often delayed, resulting in late feedback and costly fixes. Many teams run tests earlier but fail to enforce performance as a deployment gate. This article provides a practical framework for integrating LoadRunner Enterprise into CI/CD pipelines, enabling continuous, automated and enforceable performance validations with early regression detection. The Problem: Shift Left in Theory Vs. Reality Despite the theory, many teams: Run tests only in QA or staging Perform manual reviews without automated enforcement Fail to block deployments when performance thresholds are breached The Real Challenge: It’s not the tools — it’s integration and enforcement. Shift left is effective only when performance is a primary release criterion, not just an earlier activity. Why Early Performance Validation Matters Delayed testing leads to late bottleneck discovery, slow feedback and production incidents. Integrating performan...

Akrites: The Latest Attempt to Protect Open-Source From AI Attacks Has Arrived

Akrites, a new Linux Foundation initiative backed by many of the world’s largest tech and financial firms, is the industry’s latest attempt to get ahead of AI‑accelerated software supply chain risks by hardening critical open source projects before attackers can exploit them. On June 25, the Linux Foundation unveiled Akrites , a coordinated industry program designed to find, fix, and responsibly disclose vulnerabilities in open-source software exploited by AI-based attackers. It’s not the first such effort. But Akrites may be the most comprehensive. One such initiative is Chainguard’s Athena coalition , which seeks to repair open-source flaws before attackers can exploit them. Another is IBM and Red Hat’s Project Lightwell , which has similar goals. These two, however, seek to provide safe code and a platform for managing compliance, SBOMs, and governance across heterogeneous open‑source supply chains. Akrites’ mission, on the other hand, is to give the indus...

AI Is Exposing a Growing Blind Spot in Open Source Security

With AI, teams across organizations are now building internal applications faster than ever, often pulling in open source libraries and frameworks without much thought about long-term support, lifecycle management, or security ownership. An unintended consequence of this is that unsupported open source software (OSS) is quietly spreading across environments faster than security and engineering teams can keep track of it. Most organizations already struggled with open source visibility before AI-assisted development became mainstream. Now, many are also accumulating technical debt at a much faster rate, creating future maintenance, security, and migration obligations every time new dependencies are introduced. The question is no longer simply how fast organizations can build software with AI. It’s whether they can securely govern and sustainably support the software ecosystems they are creating. Unsupported OSS is Becoming a Major Blind Spot Many organizations already have unsu...

Qodo Extends Reach and Scope of AI Code Review Platform

Qodo this week extended its platform for managing code quality and governance to enable an artificial intelligence (AI) agent to review code spanning multiple repositories. Additionally, version 2.8 of the Qodo platform adds a custom rules miner that discovers coding patterns from existing codebase behavior and pull request (PR) history that are then used to create structured, enforceable rules. Finally, Qodo has added an ability to discover AI skills that contain code review instructions, coding standards, and engineering best practices across multiple repositories. The platform surfaces those skills in a portal that enables DevOps teams to centrally manage and assess their impact on software engineering workflows. Qodo CEO Itamar Friedman said these capabilities extend an agentic AI platform for governing code that is based on graph technology that tracks the relationships that exist between code. Whenever a pull request (PR) modifies a shared dependency, the agent reads the rep...

HeroDevs Allies with Commonhaus Foundation to Support Open Source Software

HeroDevs this week revealed it has joined the Commonhaus Foundation as the founding member of the Open Source Sustainability Initiative (OSSI) after establishing partnerships with the open source Hibernate, Jackson, and Quarkus communities to provide commercial support for older versions of these frameworks. OSSI is a framework administered by the Commonhaus Foundation through which governance of open source software projects is provided. HeroDevs COO Rob Nalen said the provider of end-of-life support services for open source software sees a clear need to work more closely with maintainers of open source projects that don’t have the resources required to support enterprise IT organizations that for one reason or another are not able to upgrade to the latest version of an open source software framework in a timely manner. The alliance between HeroDevs and the Commonhaus Foundation, in effect, buys enterprise IT teams, especially if they operate in highly regulated industries, the ti...

Undo Enables AI Agents to Diagnose Root Cause of Application Issues

Undo today revealed that its platform for recording interactions within applications can now be accessed by artificial intelligence (AI) agents via a Model Context Protocol (MCP) server. Company CEO Greg Law said this Undo AI capability makes it simpler for any agent to discover the root cause of any issue that otherwise would have required weeks or months to discover. That capability is now more critical than ever at a time when AI tools are generating massive amounts of code that is overwhelming the ability of humans to actually review, he added. The Undo platform records the complete execution of a program, including every instruction, variable, thread event and system call. That approach captures causality in a way that is deeper than what can be diagnosed solely by relying on log analytics and traces, said Law. An AI agent can then query the recording in the same way they reason about static code to determine exactly how an application functions, he added. Armed with those ins...

Microsoft Brings the Azure SDK for Rust to General Availability

Microsoft has moved the Azure SDK for Rust out of beta and into general availability, giving Rust developers a stable, production-ready way to connect to core Azure services. The release covers Core, Identity, Key Vault (Secrets, Keys, and Certificates), and Storage (Blobs and Queues), built around the same design patterns already used in the .NET, Java, JavaScript, Python, Go, and C++ SDKs. The announcement came as part of Microsoft’s May 2026 Azure SDK release, and was detailed separately in a post from Ronnie Geraghty, product manager for the Azure SDK. He framed the milestone with a simple scenario: a Rust service that signs in with Microsoft Entra ID, retrieves a signing key from Key Vault, pulls work items from a Storage Queue, and writes the results to Blob Storage. Every piece of that chain is now stable. That stability matters more than it might sound. A beta SDK is fine for experimentation, but most engineering teams won’t put it in front of production traffic. W...

Salesforce vs Dynamics 365 CE DevOps: A Practical Comparison for Enterprise Teams

Most organizations running CRM platforms eventually face the same challenge: how to deploy changes safely, consistently, and quickly. While Salesforce and Dynamics 365 Customer Engagement (CE) support modern DevOps practices, they approach application lifecycle management differently. Understanding these differences can help teams design more effective deployment pipelines and avoid common release issues. As these platforms become increasingly critical to business operations, the need for effective DevOps practices has grown significantly. Unlike traditional software applications, CRM platforms combine configuration, metadata, security models, workflows, integrations, and custom code into a single ecosystem. A deployment rarely consists of code alone. It often includes business processes, user interface changes, security updates, automation rules, and integration modifications. This creates a unique challenge for DevOps teams. A seemingly small change can affect multiple business func...

Newly Appointed CloudBees CEO Charts Agentic AI Engineering Course

The newly appointed CEO of CloudBees, Mo Plassnig, says that as the agentic artificial intelligence (AI) era dawns, the time has come to reinvent software engineering in a way that moves beyond human-centric tooling. Plassnig, who earlier this month succeeded Anuj Kapur, joins CloudBees from Immuta, a provider of a data security and governance platform, where he served as chief product officer. However, Plassnig was also one of the founders of Codeship, a provider of a hosted continuous integration and continuous delivery (CI/CD) platform that CloudBees acquired in 2018. As the way applications are built and deployed fundamentally changes, DevOps workflows will need to evolve to accommodate massive amounts of code that is being generated by both professional developers and, increasingly, so-called citizen developers, said Plassnig. In fact, writing code is no longer a constraint, he added. Before too long, end users will routinely express an intent that will be converted into a set ...

CData Gives Developers Free Access to the Data Layer That IT Already Trusts

Most enterprise AI projects don’t fail because of the model. They fail because getting clean, governed access to production data is slow, political, and manual. Every new data connection requires IT involvement. Every new agent adds more surface area to manage. And every developer who goes around IT creates a new problem for someone else to clean up later. CData is trying to fix that with three new releases aimed directly at developers: Connect AI Developer Edition (free), the CData Connect AI Python SDK (open source), and CData CLI. The announcement, set for June 23, reflects a deliberate shift in how CData positions its platform. The company has been building enterprise data connectivity since 2014, starting with a driver catalog that let developers query Salesforce, Workday, Oracle, and hundreds of other systems through standard interfaces like JDBC and ODBC. Connect AI is the modern version of that same core capability, packaged as a SaaS product with MCP support, governance...