Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on Continuous Integration and Development, and related technologies.

The Miasma worm explained: How it Hit Red Hat and Microsoft

Miasma has already hit Red Hat and 73 Microsoft GitHub repos. Here's how it works and what your team can do right now. Nigel Douglas, Head of Developer Relations at Cloudsmith, breaks down the Miasma worm – a self-replicating supply chain attack and evolved variant of Mini Shai-Hulud from threat group TeamPCP. Learn how Miasma uses the yo-yo attack method to move laterally across registries and workstations, why conventional scanners missed it, and the practical steps security teams can take today, including cooldown policies and continuous risk assessment.

Mainframe DevOps: Modern CI/CD for Big Iron | Harness Blog

For Platform Engineering teams, the goal has always been clear: build a secure, scalable internal developer platform that reduces cognitive load and accelerates time-to-market. Yet, a massive obstacle often remains hidden in plain sight: the mainframe. While your distributed teams are shipping cloud-native microservices multiple times a day, your core backend mainframe applications frequently remain locked in an isolated silo, lagging behind on slow monthly or quarterly cadences.

Agent Hooks + Chunk sidecars: Stop Broken AI Code Before It Hits CI

AI agents write code fast, but the feedback loop usually can't keep up. In this tutorial, you'll see how to wire Chunk sidecars into your agent's hooks so basic failures get caught before they ever reach your CI pipeline. We'll walk through the two hooks that chunk init writes automatically: Both hooks return exit 2 on failure, blocking the commit or keeping the turn open so the agent can fix its own mistakes with no manual prompting required.

Azure Deployment Strategies & CI/CD Best Practices | Harness Blog

‍ Learn how to master Azure deployment with CI/CD pipelines, progressive delivery, and feature flags. See how Harness helps engineering teams ship faster and safer on Azure. Azure deployment sounds straightforward. Push code, it runs in the cloud. But if you've managed a 2 a.m. production incident because a deployment went sideways on AKS, you know the gap between "it deploys" and "it deploys safely at scale" is significant.

A package manager for AI assets (and why the lock file is per-user)

Sometime in the last two years your repos quietly filled up with a new category of file. Not code, not config exactly: prompts. A.claude/skills/ directory here. A.cursor/rules/ folder there. A CLAUDE.md at the root, an AGENTS.md next to it, a.mcp.json listing the servers your agent is allowed to call. These are the things that make a coding agent useful on your codebase, and they're sprawling.

Agentic validation needs different infrastructure

Previously, I described some core approaches to validating agent written code: feedforward and feedback techniques. Feedforward techniques are about avoiding errors up front, for example by coming up with better prompts and planning strategies. Feedback gives agents a signal that they have actually achieved a task. Feedback is a key part of common agentic patterns like Ralph loops or the /goal commands in Codex and Claude Code: keep working until some known condition passes.