Show HN: Atlas - Local-first AI code reviewer for Claude Code, Codex, Cursor

Atlas는 Claude Code, Codex, Gemini, OpenCode 등 AI 코딩 에이전트가 생성한 커밋을 로컬에서 실시간으로 리뷰하는 AI 코드 리뷰 도구입니다. PR 전 단계에서 자동으로 정책 기반 검사와 LLM 리뷰를 수행해 위험한 변경사항을 차단하며, 모든 리뷰 기록과 정책 설정은 코드와 함께 버전 관리됩니다. 클라우드 없이 로컬에서 실행되어 코드 유출 위험이 없고, 금융·헬스케어 등 규제 산업에 적합합니다. 또한 리뷰 결과의 유용성을 추적해 AI 리뷰 품질을 평가하고 정책을 조정할 수 있습니다.

https://www.atlasengine.dev/

#aicodereview #localfirst #llmintegration #policyascode #developertools

How do you ensure risky code doesn't make it to production?

Automated guardrails in the dev phase. Anchore's Chadd Owen explains how policy-as-code stops vulnerable content in its tracks so it never advances to the next stage. Dive in: https://anchore.com/blog/anchore-enterprise-and-the-dod-devsecops-reference-design/

#PolicyAsCode #ContainerSecurity

While #DockerExtensions boost developer speed, they can create a “visibility gap” by isolating telemetry. Extensions should act as bridges to centralized platforms!

In this #InfoQ article, Pragya Keshap explains how to use:
🔹 #OpenTelemetry
🔹 #PolicyAsCode
🔹 #Encryption
...to build secure pipelines and balance developer productivity with the governance needed for scalable, compliant observability!

📰 Read now: https://bit.ly/4mUn96h

#DevOps #Docker #Observability #Performance #Monitoring

⚙️ Technical Spotlight: New Session at BSides Luxembourg 2026

☁️💥 𝗖𝗟𝗢𝗨𝗗 𝗠𝗜𝗦𝗖𝗢𝗡𝗙𝗜𝗚𝗨𝗥𝗔𝗧𝗜𝗢𝗡𝗦: 𝗣𝗢𝗞𝗘 𝗣𝗢𝗞𝗘, 𝗕𝗥𝗘𝗔𝗖𝗛 – Kat Fitzgerald ( @rnbwkat ) 🔐☁️

Cloud breaches aren’t going away—they’re evolving.

Forget the classic “public bucket” mistakes. In 2026, real-world breaches are driven by over-privileged identities, risky SaaS integrations, forgotten environments, and insecure defaults in AI and Kubernetes. These aren’t obvious missteps—they’re systemic risks hiding in plain sight.

This talk breaks down the modern hierarchy of cloud misconfigurations based on recent breach data, then shifts the focus from reacting to preventing. Using Policy as Code (PaC), security becomes proactive—blocking risky deployments before they ever reach production.

You’ll also explore the Toxic Trilogy: assets that are publicly exposed, highly privileged, and critically vulnerable. When these overlap, breaches aren’t just possible—they’re predictable.

Kat Fitzgerald ( @rnbwkat )is a Chicago-based cybersecurity professional with a passion for cloud security, OSS, and creative defensive strategies. Known for blending technical depth with a unique personality (and a certain opinionated flamingo), Kat brings real-world insights into modern cloud risks and how to stop them before they start.

📱 Want to easily navigate all talks, villages, and stages?
Check out the official schedule on Hacker Tracker:
https://hackertracker.app/schedule?conf=BSIDESLUX2026

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg2026 #CloudSecurity #Misconfiguration #Kubernetes #PolicyAsCode #DevSecOps #CyberSecurity

CEL-expr-python – the Common Expression Language (CEL) in #Python is now #opensource!

CEL is a non-Turing complete embedded policy and expression language built for simplicity, speed, safety, and portability.

Learn more on #InfoQ ⇨ https://bit.ly/3NQL4pU

#SoftwareDevelopment #Google #PolicyAsCode

#Cedar - an #opensource authorisation policy language and SDK - has officially joined the Cloud Native Computing Foundation (#CNCF) as a Sandbox project!

It aims to provide a vendor-neutral standard for defining and enforcing fine-grained permissions in modern applications.

Details here 👉 https://bit.ly/3LMktJP

#DevOps #PolicyAsCode #SoftwareSecurity #Governance #InfoQ

Giới thiệu dự án mã nguồn mở Endpoint State Policy (ESP), một giải pháp "Policy as Code" giúp quản lý và thực thi chính sách endpoint một cách tự động.

#opensource #policyascode #DevOps #security #mãnguồnmở #bảomật

https://www.reddit.com/r/opensource/comments/1q005zf/endpoint_state_policy_esp_policy_as_code/

🚀 NEW on We ❤️ Open Source 🚀

Electric sheep need defenders. 🐑🔐 Brett Smith explores how SLSA helps secure the software supply chain, translating EO 14028 into a roadmap for resilient pipelines.

Read the article: https://allthingsopen.org/articles/supply-chain-robots-slsa-security

#WeLoveOpenSource #SLSA #FOSS #Cybersecurity #DevSecOps #PolicyAsCode

Zero CVEs ≠ Zero Risk.

Misconfigurations & leaked secrets can take down an image faster than any exploit.

Anchore helps teams catch both.

By @JoshSopuru → https://anchore.com/blog/beyond-the-cve-deep-container-analysis-with-anchore/

#SBOM #ContainerSecurity #PolicyAsCode #SoftwareSupplyChain