The latest News and Information on Continuous Integration and Development, and related technologies.

Automating vulnerability scanning for Gradle dependencies with CircleCI

Detecting dependency vulnerabilities in a Gradle-based project is crucial because it prevents applications from using libraries (dependencies) with security holes. Imagine an application as a house. Each dependency, or library used in the project, is like building material (such as wood, glass, or bricks). If there’s a flawed or easily penetrable material, the house can become unsafe, such as being more vulnerable to thieves or collapsing during an earthquake.

OWASP CI/CD Top 10: Inadequate Flow Control in CI/CD Pipelines

With the recent shake-up around CVE funding and broader questions about long-term support for cybersecurity infrastructure, one thing is clear: controlling what you can is more important than ever. This is abundantly clear in modern software development practices which rely heavily on CI/CD systems, which in turn serve as the primary conduit from a developer’s local environment to production.

CI/CD preprocessing pipelines in LLM applications

In Large Language Model (LLM) applications, the quality of the training data is paramount in determining the final model performance. One of the most important steps in preparing datasets is cleaning and transforming raw data into similar and usable formats. However, this process can be tedious and time-consuming when done manually. Automating these data cleaning workflows is essential to improve efficiency and maintain consistency across multiple datasets.

Creating and testing a RAG-powered AI app with Gemini and CircleCI

Have you ever asked an AI model a question and received an outdated or completely off-base response? I’ve been there too. The problem is that most AI models rely solely on their pre-trained knowledge, which becomes obsolete over time. This is where RAG can help: RAG is a hybrid AI technique that combines the advantages of retrieval systems and generative models. It bridges the gap by bringing in real-time information from external knowledge sources to improve the generation quality.

Introducing token rotation for access tokens

As part of Atlassian’s ongoing investment in security, we’re excited to introduce token rotation for access tokens in Bitbucket Cloud. Building on recent updates, like adding expiration dates to access tokens, this new capability allows you to rotate your tokens, which generates a new secret while maintaining the same access and scopes.

Scaling up to 1 Million Requests per Minute: How Cloudsmith Delivers Extreme Performance

CI/CD pipelines don’t wait. When traffic surges and your artifact platform can’t keep up, it’s not just a few slow requests: builds fail, deploys become backlogged, and engineers lose confidence. We’ve seen it all: 502s from overloaded VMs, minutes-long pulls, and pipelines grinding to a halt. That’s why we built Cloudsmith to scale by default; no one should have to firefight with their registry at 2 a.m.

Full Support for Arbitrary Files in Maven Repositories with Cloudsmith

We're excited to announce a major enhancement to our Maven repository support at Cloudsmith. As a Java developer, you can now upload and distribute arbitrary files using Maven repositories, unlocking more flexible and powerful workflows for your projects. Arbitrary files are files that are ignored by Maven unless explicitly included in the Project Object Model (POM) / pom.xml configuration.

Reproducible Builds, Fedora 43, and What It Means for the Software Supply Chain

April 2025 has brought some important news in the world of open source and software supply chain security: Fedora has announced a change proposal to make 99% of its package builds reproducible in its upcoming Fedora 43 release. At first glance, this might seem like a low-level Linux packaging detail. But in reality, this is part of a much bigger shift that touches anyone who builds, ships, or consumes software - including us at Cloudsmith and the developers and enterprises who rely on us.

Managing EKS deployments with CircleCI deploys

Development teams managing Kubernetes-based applications face challenges in maintaining visibility and control over their deployment processes. Without a centralized interface, teams struggle to track, monitor, and manage releases across their Kubernetes clusters, leading to potential deployment errors and difficulties in maintaining consistent deployment workflows.