The latest News and Information on Continuous Integration and Development, and related technologies.

The golden path: security that works because it's the easy path

A golden path for dependency management isn't a policy document – it's a preconfigured private registry with upstream proxies covering every ecosystem your teams use, set as the default. Developers don't opt into security; they get it automatically by using the standard toolchain. The alternative is teams configuring their own controls, producing inconsistent postures and compounding risk across the org. If the secure path requires extra steps, developers will route around it. Make it the easiest option and the policy enforces itself.

The most dangerous window is before threat intel knows about it

When a malicious package is first published, threat intelligence sources haven't flagged it yet – and every team pulling from a public registry is exposed during that entire window. The fix isn't faster scanning; it's a policy that holds new packages for a defined cooldown period before they're eligible to pull. By the time the window closes, the threat intelligence has caught up. Teams pulling direct from npm or PyPI have no equivalent enforcement layer – which is exactly how attacks like Shai-Hulud got in.

Fix flaky tests with AI, and track future test work in Jira

In January we launched Tests in Bitbucket Pipelines – a single place to track, organize, and understand your test health over time. In April we added automatic flaky test detection so unreliable tests get flagged before they slow your team down. But spotting a problem is only half the battle. Day to day, your team still needs to act on a test – track it as work, clean it up, or route it to the right person.

Unlocking efficiency with Merge Queues in Bitbucket Cloud now GA

Earlier this year, we launched Merge Queues in open beta to help teams automate, sequence, and validate pull request merges. During the beta period, we incorporated feedback from hundreds of teams to improve reliability and simplify configuration. Today, we are excited to announce that Merge Queues is generally available for Standard and Premium plans on Bitbucket Cloud.

Agentic Pipelines now supports OpenAI Codex

Bring your Codex agent into Bitbucket Pipelines. A few weeks ago, we announced support for Claude agents in Bitbucket Pipelines. Today, we’re adding OpenAI Codex as a supported agent. If your team is already using Codex on the desktop, you can now move that same workflow into your pipeline — triggered by a merge, a schedule, a failing build, or a pull request comment.