
The golden path: security that works because it's the easy path

A golden path for dependency management isn't a policy document – it's a preconfigured private registry with upstream proxies covering every ecosystem your teams use, set as the default. Developers don't opt into security; they get it automatically by using the standard toolchain. The alternative is teams configuring their own controls, producing inconsistent postures and compounding risk across the org. If the secure path requires extra steps, developers will route around it. Make it the easiest option and the policy enforces itself.

ACP vs MCP: What's the difference for agentic coding?

An AI coding agent holds many conversations at once. Not only is the user prompting it, the agent also talks to the IDE, showing diffs and asking before it touches a file. At the same time it talks to tools, pulling a failing build or querying a database. Two open protocols standardize those conversations. This guide compares ACP vs MCP in practical terms: what each protocol does and when each applies. ACP (Agent Client Protocol) connects a code editor to an AI coding agent.

The most dangerous window is before threat intel knows about it

When a malicious package is first published, threat intelligence sources haven't flagged it yet – and every team pulling from a public registry is exposed during that entire window. The fix isn't faster scanning; it's a policy that holds new packages for a defined cooldown period before they're eligible to pull. By the time the window closes, the threat intelligence has caught up. Teams pulling directly from npm or PyPI have no equivalent enforcement layer – which is exactly how attacks like Shai-Hulud got in.

Fix flaky tests with AI, and track future test work in Jira

In January we launched Tests in Bitbucket Pipelines – a single place to track, organize, and understand your test health over time. In April we added automatic flaky test detection so unreliable tests get flagged before they slow your team down. But spotting a problem is only half the battle. Day to day, your team still needs to act on a test – track it as work, clean it up, or route it to the right person.