Mastodawn

Mini Shai Hulud: Compromised @ antv npm Packages Enable CI/CD Credential Theft, by (not on Mastodon or Bluesky):

https://www.microsoft.com/en-us/security/blog/2026/05/20/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft/?ref=frontenddogma.com

#security #npm #dependencies #cicd

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft | Microsoft Security Blog

Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kubernetes, Vault, npm, and 1Password platforms.

Microsoft Security Blog

Dwight Spencer 8h ago

Spent the week automating things that usually require clicking. From
OBS stream overlays that render via data files to MP4s that build themselves all in #cicd

None of it required specialized tools or AI skills/MCP agents.

Just Hugo, Playwright, ffmpeg, and Piper.

The boring stack works.
#selfhosted #infrastructure #foss #devlog

Jobs for Developers 21h ago

Crypto.com is hiring Senior DevOps Engineer (Exchange /Trading Platforms), Poland

🔧 #cryptocurrency #aws #cicd #kubernetes #terraform #seniorengineer
🌎 Warsaw, Poland
⏰ Full-time
🏢 Crypto.com

Job details https://jobsfordevelopers.com/jobs/senior-devops-engineer-exchange-trading-platforms-poland-at-crypto-com-may-28-2026-d2e819?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring

Senior DevOps Engineer (Exchange /Trading Platforms), Poland at Crypto.com

Crypto.com is hiring Senior DevOps Engineer (Exchange /Trading Platforms), Poland

Habr 1d ago

# Bare-metal Kubernetes на 5 VM: Calico IPIP + MetalLB + GitOps — честный опыт с граблями

Поднял Kubernetes кластер на 5 VM с нуля на VMware: Calico IPIP, MetalLB, GitOps через ArgoCD, PostgreSQL HA. Три неочевидные проблемы которые съели много времени — MTU и TLS, нестабильный BGP на VMware, конфликты git push в GitOps.

https://habr.com/ru/articles/1041356/

#kubernetes #devops #ansible #gitops #argocd #calico #metallb #prometheus #cicd

# Bare-metal Kubernetes на 5 VM: Calico IPIP + MetalLB + GitOps — честный опыт с граблями

Предыстория Когда изучаешь DevOps по курсам — всё выглядит просто. Запустил minikube, поднял pod, посмотрел на kubectl get pods — красота. А потом пытаешься сделать что-то настоящее и понимаешь: между...

Хабр

Jobs for Developers 1d ago

Databricks is hiring Resident Solutions Architect - Manufacturing

🔧 #python #scala #aws #azure #cicd #gcp #solutionsarchitect
🌎 New York City, New York
⏰ Full-time
🏢 Databricks

Job details https://jobsfordevelopers.com/jobs/resident-solutions-architect-manufacturing-at-databricks-com-apr-9-2026-07cb91?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring

Resident Solutions Architect - Manufacturing at Databricks

Databricks is hiring Resident Solutions Architect - Manufacturing

GripNews 1d ago

🌗 大規模 AI 程式碼審查的編排實務
➤ 從單一提示詞到多代理編排：Cloudflare 如何優化開發者體驗
✤ https://blog.cloudflare.com/ai-code-review/
針對大型工程團隊面臨的程式碼審查瓶頸，Cloudflare 放棄了單一 AI 代理的簡易方案，改為採用 OpenCode 開源框架構建了一套模組化的 CI 原生編排系統。該系統透過「協調者代理」管理多個針對安全性、效能、程式碼品質等領域的專門審查員，並採用插件化架構實現版本控制與 AI 供應商的解耦，顯著提升了審查效率與準確度，成為企業級 AI 應用開發的典範。
+ 這套插件架構看起來非常穩健，尤其是將 VCS 與 AI 供應商邏輯分離的設計，對大型企業的維護性至關重要。
+ 很有啟發性，放棄單一大模型提示詞改用專注領域的「專家代理」，確實是解決程式碼審查幻覺問題的關鍵路徑。
#人工智慧 #CICD #軟體工程 #開源架構

Orchestrating AI Code Review at scale

Learn about how we built a CI-native AI code reviewer using OpenCode that helps our engineers ship better, safer code.

The Cloudflare Blog

jbz 1d ago

🪓 GitHub Actions outage told devs 'your account is suspended'

｢ It is possible to configure GitHub Actions to use external or self-hosted runners – the VMs on which Actions execute – but customers with this kind of configuration still experienced an outage as the GitHub cloud service is the control plane for the runners wherever they are located ｣
https://www.theregister.com/devops/2026/05/27/github-actions-outage-told-devs-your-account-is-suspended/5246867

#github #outage #cicd

GitHub Actions outage told devs 'your account is suspended'

Another day, another GitHub wobble - but the service keeps growing

theregister

Foojay.io 2d ago

People and AI can write code together, but enterprise repositories still need deterministic quality gates to protect code quality. Enterprise quality is a scaling problem Enterprise Java development is not only about writing correct code. It is about keeping a large, long-lived codebase understandable,...
#ai #AIassisteddevelopment #buildautomation #cicd #codequality #Developertools #devops #EnterpriseJava #Java #maven #QualityGates
https://foojay.io/today/enterprise-java-quality-gates-ai/

Enterprise Java quality gates in the age of AI

Learn how enterprise Java teams can use deterministic quality gates, CI checks and tooling to keep AI-assisted code reviewable, consistent and safe.

foojay

Jobs for Developers 2d ago

Wiz is hiring Cloud Security Research Engineer

🔧 #golang #python #aws #azure #cicd #docker #gcp #kubernetes #terraform #securityengineer
🌎 London, United Kingdom
⏰ Full-time
🏢 Wiz

Job details https://jobsfordevelopers.com/jobs/cloud-security-research-engineer-at-wiz-io-dec-27-2025-c33de5?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring

Cloud Security Research Engineer at Wiz

Wiz is hiring Cloud Security Research Engineer

Linuxiac 2d ago

Woodpecker CI 3.15 introduces optional depends_on support, cron timezone handling, configurable pipeline paths, and UI log improvements.
https://linuxiac.com/woodpecker-ci-3-15-released-with-smarter-pipeline-dependencies/

#devops #cicd #opensource