Operations | Monitoring | ITSM | DevOps | Cloud

Unlocking efficiency with Merge Queues in Bitbucket Cloud now GA

Earlier this year, we launched Merge Queues in open beta to help teams automate, sequence, and validate pull request merges. During the beta period, we incorporated feedback from hundreds of teams to improve reliability and simplify configuration. Today, we are excited to announce that Merge Queues is generally available for Standard and Premium plans on Bitbucket Cloud.

Agentic Pipelines now supports OpenAI Codex

Bring your Codex agent into Bitbucket Pipelines. A few weeks ago, we announced support for Claude agents in Bitbucket Pipelines. Today, we’re adding OpenAI Codex as a supported agent. If your team is already using Codex on the desktop, you can now move that same workflow into your pipeline — triggered by a merge, a schedule, a failing build, or a pull request comment.

Why you should use Language Server Protocol (LSP) with Claude Code

Agentic coding tools like Claude Code can write, refactor, and debug across an entire codebase, but by default they read code as plain text, the way grep does. The Language Server Protocol (LSP) changes that: it’s the same code-intelligence layer an IDE uses, and wiring it into an agent lets it read code by meaning instead of by string match. The bigger the codebase, the more a wrong guess about a symbol costs, and the more that structural view pays off.

Native Xet Protocol Support in JFrog Artifactory: How Enterprise Model Management Actually Works

Machine learning models are not like other software artifacts. A single fine-tuned LLM can weigh 70 GB. A model family may share 95% of its weights across dozens of variants. When hundreds of developers, training jobs, and GPU clusters all need the same model at the same time, the infrastructure underneath needs to be built for it.

Introducing Package triggers in Bitbucket Pipelines

In November 2025, we introduced new triggers and workflows to Bitbucket Pipelines to help teams manage and scale complex CI/CD workflows. We later extended that foundation with additional event-based triggers for pipeline, deployment, and pull request events. We’re now extending that model with a new package-artifact-created trigger.

Trace packages back to their source pipeline

When we introduced native Pipelines authentication for Bitbucket Packages, we made it easier to publish artifacts from CI/CD without relying on personal credentials. Now we’re extending that integration further: package artifacts published through the Pipelines integration can display a Source Pipeline, making it easy to trace an artifact back to the pipeline run that created it.

Bitbucket Packages adds PyPI and NuGet support

If your team bIf your team builds with Python or.NET, your packages have likely lived separately from your code, stored in a registry with distinct login, permissions, and billing. Starting today, they don’t have to. Bitbucket Packages now supports the Python Package Index (PyPI) and NuGet, integrating Python and.NET package management into the platform where your team writes code, reviews pull requests, and runs pipelines.

Cut your environment setup time in half with Chunk sidecar snapshots

When you’re building with AI, you can get a lot done in 30 seconds. Waiting minutes for CI feedback on your latest change can feel like an eternity. Chunk sidecars are designed to give you feedback fast, running your full test suite against the same Linux environment as CI, directly inside the agentic loop. Traditional CI pipelines can take five or ten minutes to catch a basic lint error or failing unit test.

Stop Treating Coding Agent Plugins Like Settings: Introducing Agent Plugins Repositories

Your developers install agent plugins every day: pulling from unmanaged GitHub repos, copying Cursor commands out of Slack, pointing Codex at a personal Git fork. Each of those is a new, uncontrolled distribution channel inside your software development lifecycle, and your platform team has zero visibility into any of it. A plugin is not a preference file. It is executable software, and right now it’s arriving on developer machines with no versioning, no provenance, and no audit trail.

Cooldown policies - Block malicious packages at the index

Every dependency pull is a trust decision. Public registries don't vet what they serve. Cooldown policies give you a gate at the moment that matters most: when a package first enters your environment. Dan McKinney (Solutions Engineering Manager) walks through how Cloudsmith's cooldown policies work and how to configure one in under five minutes. What Dan covers.

Chunk sidecars: Inner Loop Validation for AI Coding Agents

Your agent writes code fast, but you shouldn't have to see it until it's right. Chunk sidecars are lightweight microVMs that work inside the agent loop, requiring agents to pass pre-push validation in a CI-like environment before they declare they're "done." That means no massive CI pile-ups, no long round-trips that risk resetting your agent's context. You're sending code you already know is good.

Track Deployment status for your PRs (Beta)

You shouldn’t have to leave your PR list to know where your code is deployed. Yet, developers constantly lose time context-switching just to see if a change hit staging or production. To solve this, we are launching the Beta version of Deployment Status Tracking for your PRs. This feature surfaces live deployment statuses directly within your PR list view as code moves through your pipeline.

Why CI/CD Pipelines Miss Runtime Failures

CI/CD pipelines do four things: it builds code, runs tests against mocked dependencies, lints for style violations, and scans for known vulnerability patterns. What it cannot do is validate how that code behaves under real users, real service responses, and real runtime constraints that staging was never configured to reproduce. That entire class of failure clears every gate cleanly and surfaces only in production.

The Miasma worm explained: How it Hit Red Hat and Microsoft

Miasma has already hit Red Hat and 73 Microsoft GitHub repos. Here's how it works and what your team can do right now. Nigel Douglas, Head of Developer Relations at Cloudsmith, breaks down the Miasma worm – a self-replicating supply chain attack and evolved variant of Mini Shai-Hulud from threat group TeamPCP. Learn how Miasma uses the yo-yo attack method to move laterally across registries and workstations, why conventional scanners missed it, and the practical steps security teams can take today, including cooldown policies and continuous risk assessment.

Mainframe DevOps: Modern CI/CD for Big Iron | Harness Blog

For Platform Engineering teams, the goal has always been clear: build a secure, scalable internal developer platform that reduces cognitive load and accelerates time-to-market. Yet, a massive obstacle often remains hidden in plain sight: the mainframe. While your distributed teams are shipping cloud-native microservices multiple times a day, your core backend mainframe applications frequently remain locked in an isolated silo, lagging behind on slow monthly or quarterly cadences.

Agent Hooks + Chunk sidecars: Stop Broken AI Code Before It Hits CI

AI agents write code fast, but the feedback loop usually can't keep up. In this tutorial, you'll see how to wire Chunk sidecars into your agent's hooks so basic failures get caught before they ever reach your CI pipeline. We'll walk through the two hooks that chunk init writes automatically: Both hooks return exit 2 on failure, blocking the commit or keeping the turn open so the agent can fix its own mistakes with no manual prompting required.

Azure Deployment Strategies & CI/CD Best Practices | Harness Blog

‍ Learn how to master Azure deployment with CI/CD pipelines, progressive delivery, and feature flags. See how Harness helps engineering teams ship faster and safer on Azure. Azure deployment sounds straightforward. Push code, it runs in the cloud. But if you've managed a 2 a.m. production incident because a deployment went sideways on AKS, you know the gap between "it deploys" and "it deploys safely at scale" is significant.

A package manager for AI assets (and why the lock file is per-user)

Sometime in the last two years your repos quietly filled up with a new category of file. Not code, not config exactly: prompts. A.claude/skills/ directory here. A.cursor/rules/ folder there. A CLAUDE.md at the root, an AGENTS.md next to it, a.mcp.json listing the servers your agent is allowed to call. These are the things that make a coding agent useful on your codebase, and they're sprawling.

Agentic validation needs different infrastructure

Previously, I described some core approaches to validating agent written code: feedforward and feedback techniques. Feedforward techniques are about avoiding errors up front, for example by coming up with better prompts and planning strategies. Feedback gives agents a signal that they have actually achieved a task. Feedback is a key part of common agentic patterns like Ralph loops or the /goal commands in Codex and Claude Code: keep working until some known condition passes.

Detecting Data Masking Gaps in a CI Pipeline | The Tony and Tonie show Ep46

Your schema changed. Did your masking rules keep up? Here’s how Flyway and Test Data Manager can catch gaps and prevent PII exposure in dev and test. Tony and Tonie discuss how Flyway and Redgate Test Data Manager can work together in a CI pipeline to detect schema changes that introduce unmasked sensitive columns, helping teams keep production-derived test data protected as the database evolves.

Run CI Tests Without Pushing: Microbuilds with Chunk sidecars

AI coding agents write code faster than your pipeline can catch mistakes. What if the agent could validate against CI before you ever push? In this 5-minute demo, we set up CircleCI's Chunk CLI and run a microbuild using Chunk sidecars, secure Linux microVMs that spin up in ~1 second in your CircleCI account, mirror your working directory (no git push required), and give your agent CI-grade feedback while it's still in context.

Prevent container image overwrites with immutable tags in Bitbucket Packages

We’re excited to announce that immutable tags are now available for the Bitbucket Packages container registry. With immutable tags, workspace admins can set container image tags from being overwritten, moved, or modified after they’re first pushed.

Premium self-hosted runners are generally available

In December, we shared our plans to introduce pricing for self-hosted runners. You told us loud and clear that a free option matters. Today, as Premium Runners become generally available, we are happy to share that we will continue to have a free tier, which includes the use of up to 100 self-hosted runners as part of your plan. If your team needs more scale, dedicated support, or advanced management features, you can upgrade to Premium Runners when you’re ready.