Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on Continuous Integration and Development, and related technologies.

DevEx Unpacked 006 - Leadership, Scaling & Serving Developers with Glenn Weinstein

Episode 006: In this episode of DevEx Unpacked, Cloudsmith co-founder Alan Carson sits down with CEO Glenn Weinstein for a deep dive into leadership, growth, and developer-first thinking. Glenn shares his journey from programming on a Commodore PET to founding and selling a startup, his lessons from Twilio, and what drew him to lead Cloudsmith. The two discuss what it takes to build a category-defining company from Belfast, navigating VC funding, and how values like resilience, clarity, and service drive long-term success.

CVE-2025-3248: Serious vulnerability found in popular Python AI package

Researchers at Trend Micro have uncovered a critical unauthenticated remote code execution (RCE) vulnerability affecting Langflow versions prior to 1.3.0. Langflow is a Python-based visual framework for building AI applications and boasts over 70,000 stars on GitHub and over 21,000 global weekly downloads from the public PyPI upstream. Source: Cloudsmith Navigator Versions released before 1.3.0 contain a serious flaw in the code validation logic, which allows arbitrary code execution.

OWASP CI/CD Part 7: Insecure System Configuration

Insecure system configuration is a textbook example of how neglected settings can create an entry point for attackers targeting your CI/CD pipelines. It’s rarely the cutting-edge zero-day that causes a breach. More often, it’s the unpatched service, the overly permissive role, or the default password that was never changed. While this risk overlaps with CI/CD credential hygiene (covered in Part 6 of our OWASP CI/CD series), the focus here is much broader.

DevEx Unpacked 005 - Secure DevOps, Rego Policies & Growing Cloudsmith with Ciara Carey

Episode 005: In this episode of DevEx Unpacked, Alan Carson chats with Ciara Carey, Solutions Engineer at Cloudsmith, about her career journey from developer to DevRel to her current customer-facing role. Ciara shares real-world insights on software supply chain security, how teams are using Enterprise Policy Management (EPM) to control open source risk, and why Cloudsmith’s cloud-native platform is a game changer for DevSecOps workflows.

Kubernetes sidecar deployment using CircleCI

Kubernetes excels at managing complex, containerized systems, and one of its most impactful patterns is the sidecar. Sidecar containers extend applications by running supplementary processes in tandem. This modular architecture enables enhanced observability, networking, or security layers — all without changing the core application code. Continuous Integration and Continuous Deployment (CI/CD) practices are key to reliably shipping these configurations.

DevEx Unpacked 004 - Scaling Startups, Blockchain & Developer Culture with Jack Spargo

Episode 004: In this episode of DevEx Unpacked, Alan Carson chats with Jack Spargo, CTO of Control Alt, about his fascinating career journey from aerospace engineering to leading blockchain-powered investment platforms. Jack shares lessons from being acquired overnight, the challenges of building a platform from scratch, and why he’s betting big on junior engineers and AI augmentation. They explore the realities of compliance, software supply chain security, and why Northern Ireland is fast becoming a serious start-up hub.

Automating machine learning security checks using CI/CD

Machine learning (ML) pipelines are increasingly being treated like software; built, tested, deployed, and monitored using automated tooling. But while infrastructure as code and microservices have matured with security best practices, ML systems often lag behind. The truth is, your ML pipeline is part of your software supply chain and it is vulnerable.

Build an AI-powered Golang code review agent with CircleCI and GitHub webhooks

Code reviews are a crucial step in maintaining code quality, but many developers find them tedious and inconsistent. What if you could get helpful feedback automatically, as soon as a pull request is opened? In this tutorial, you’ll learn how to set up and integrate an AI-powered code review agent into your Go project. The agent uses the OpenAI API to post contextual suggestions and praise directly on pull requests.

DevEx Unpacked 003 - Scaling Cloudsmith, Security Innovation & Developer DNA with Tom Gibson

Episode 003: In this episode of DevEx Unpacked, Alan Carson sits down with Tom Gibson, Principal Engineer and long-time Cloudsmith team member, to trace his journey from early start-up to leading strategic innovation in the CTO’s office. Tom shares behind-the-scenes stories about engineering through scale, building continuous security scanning, and what it takes to evolve a developer-first platform.

Supercharge your iOS and MacOS development: CircleCI offers M4 Pro resources

For developers building on iOS and macOS, building the most performant software means having access to the latest Mac resources to quickly build, test, and deploy software. Apple’s newest M4 Pro chip represents yet another significant leap in Apple Silicon performance, delivering unprecedented speed and efficiency for development teams.