TeamCity 2026.1 introduces a set of focused improvements that make your CI/CD more intuitive, intelligent, and enterprise-ready.

Werner Vogels published a detailed look at the engineering behind Lambda’s network. On the security side, GitHub Actions is identified as the weakest link in your CI/CD chain, with a thorough breakdown of how supply chain attacks can move through workflows. Cloudflare shared the internal AI engineering stack they actually run, including how they’re orchestrating AI code review at scale across their own engineering org. Halodoc documented their migration of AWS MSK from ZooKeeper to KRaft using a canary approach, and one team explains why Dockerfile practices cost you before they ever become a security problem.

On the tutorial side: a $1,432 to $233/month hosting cut by moving from DigitalOcean to Hetzner with zero downtime, Terraform module design via an AI agent skill built around design decisions first and code generation second, a detailed argument that Terragrunt’s run-all is broken beyond repair by multi-state transactions, benchmarking workflow execution scalability on Postgres, building a production MCP server in Go, auto-diagnosing Kubernetes alerts with HolmesGPT, and Cloudflare’s own AI code review pipeline in depth.

For videos this week: a practical terminal setup combining Tmux, btop, and GPU monitoring into a single system monitoring workflow, a real-world look at what a billion database rows actually looks like in production, and an investigation into why companies spend millions buying GitHub stars.

This week’s open source picks include JuiceFS, a Go-based POSIX file system that stores data in S3 and metadata in Redis or MySQL with 10x the sequential throughput of EFS; Gatus, a Go health dashboard that monitors over HTTP, TCP, DNS, gRPC, and 40+ alerting integrations; kured, the CNCF Sandbox Kubernetes daemonset that automates safe node reboots using API server locking; and RedAI, a TypeScript and Python workbench that validates AI-discovered vulnerabilities in live browser and simulator environments before generating reports.

AI, Pipelines, and Enterprise CI/CD

TeamCity 2026.1 introduces a set of focused improvements that make your CI/CD more intuitive, intelligent, and enterprise-ready. Join us on May 12th for a live walkthrough of the latest updates, including the new TeamCity CLI and MCP support!

Newsworthy stories

• The invisible engineering behind Lambda’s network

• GitHub Actions is the weakest link

• The AI engineering stack we built internally

• Dockerfile practices are a DevOps tax before they are a security concern

• Migrating AWS MSK from ZooKeeper to KRaft

Tutorials of the week

• Terraform module design is the hard part, so I built an agent skill for it

• Migrating from DigitalOcean to Hetzner: from $1,432 to $233/month with zero downtime

• Terragrunt is dead: multi-state transactions killed run-all

• Does Postgres scale?

• Orchestrating AI code review at scale

• My Claude Code setup

• AWS DevOps Agent: your AI SRE is now on call

• Auto-diagnosing Kubernetes alerts with HolmesGPT and CNCF tools

• Dockerizing a Java 26 project with Docker Init

• Building a production MCP server in Go

Videos of the week

Projects of the week

• JuiceFS is a Go-based POSIX distributed file system that stores data in S3 and metadata in Redis or MySQL, with 10x more throughput than EFS.

• Gatus is a Go health dashboard that monitors services over HTTP, TCP, DNS, gRPC, and SSH with 40+ alerting integrations.

• winpodx is a Python tool that runs Windows apps as native Linux windows using FreeRDP RemoteApp and a containerized Windows instance.

• kured is a Go Kubernetes daemonset that safely reboots nodes one at a time using API server locking. CNCF Sandbox project.

• RedAI is a TypeScript/Python workbench that uses AI agents to find and validate vulnerabilities in live browser and simulator environments.

• Rocky is a Rust control plane for data warehouse pipelines with column-level lineage, schema drift detection, and compile-time data contracts.

Meme of the week

Bright Data CLI gives coding agents (Claude Code, Cursor, Copilot) real-time web scraping and structured data extraction from 40+ platforms, directly from the terminal, at 10-32x the cost of MCP for equivalent tasks.

Sysdig documented how CVE-2026-33626 enabled a published LMDeploy advisory to become a working SSRF exploit within 12.5 hours, with attackers probing for AWS IMDS credentials, Redis, and MySQL endpoints. Palo Alto’s Unit 42 took it further, publishing findings from building an autonomous AI agent that attacks cloud infrastructure on its own. Wiz published a detailed GitHub Actions threat model, and Synthesia shared what actually moved the needle when scaling vulnerability management with AI.

On the tutorial side, we cover migrating from Ingress NGINX to Traefik or Gateway API without the usual pain, building eBPF-based bandwidth limiting in the AWS Network Policy Agent, deploying Docker apps to Linux with K3s, and using Claude Code for DevSecOps on AWS. Plus: automating incident investigation with the AWS DevOps Agent.

This week’s open source picks include clawsec, a security suite that protects AI agents from prompt injection; pmg, a Go-based package manager guard that blocks malicious npm, pip, and yarn packages before they run; pgweb, a zero-dependency Postgres web UI that ships as a single Go binary; and GreenKube, a Python tool for tracking and reducing the carbon footprint of Kubernetes clusters.

Your AI agent can’t see the web. Fix that in 30 seconds.

Bright Data CLI gives coding agents (Claude Code, Cursor, Copilot) real-time web scraping, search, and structured data extraction from 40+ platforms - directly from the terminal. One command. No MCP overhead. No schema bloat. 10-32x cheaper than MCP for equivalent tasks - Check out the GitHub repo

Newsworthy stories

• Primer on GitHub Actions security

• Can AI attack the cloud?

• Most devs ignore git worktree

• ISO 27001 on AWS: building compliance into the architecture

• Scaling vulnerability management with AI: what actually worked

• The engineering manager’s attention budget

Tutorials of the week

• Automating incident investigation with AWS DevOps Agent

• Migrate from Ingress NGINX to Traefik or Gateway API in minutes, not days

• A better way to deploy a Docker app to a Linux server

• A framework for securely collecting forensic artifacts into S3 buckets

• The Claude Code DevSecOps shift on AWS

• Building eBPF-based bandwidth limiting in AWS Network Policy Agent

• How attackers exploited LMDeploy LLM inference engines in 12 hours

Videos of the week

Projects of the week

• clawsec is a security skill suite for AI agents that defends against prompt injection and provides dedicated protection modules for OpenClaw, NanoClaw, and Hermes.

• xata is a cloud-native platform for self-hosting Postgres on Kubernetes with copy-on-write branching (copy TBs in seconds).

• clauditor is a security scanner that audits Claude Code configuration across user, project, local, and managed scopes with 50+ built-in checks, severity ratings, and a hardened settings generator for CI/CD pipelines.

• pmg is a Go-based package manager guard that intercepts npm, pip, yarn, pnpm, bun, and uv installations to block malicious packages using real-time threat intelligence.

• ml-intern is an autonomous ML engineer agent that reads papers, trains models, and ships through a 300-iteration agentic loop.

• pgweb is a web UI for PostgreSQL that ships as a single binary with no dependencies, supporting SSH tunnels, multiple concurrent sessions, and data export.

• GreenKube is a tool for monitoring and reducing the carbon footprint of Kubernetes clusters.

Meme of the week

IaCConf 2026 is back on May 14, free and virtual. Corey Quinn is keynoting on AI writing Terraform code, and if that’s part of your stack, it’s worth the two hours.

Wiz traced a GitHub Actions supply chain campaign to six accounts pushing AI-generated malicious packages under the prt-scan name. A researcher also found that Claude Code’s deny rules are silently bypassed when the token cost of running security checks gets too high. Cloudflare shipped Artifacts, versioned storage that speaks Git and targets agent workflows, and Duolingo walked through migrating 500+ backend services from ECS to EKS with Argo CD and IPv6-only pod networking.

On the tutorial side: Grafana’s Kubernetes monitoring Helm chart v4, deploying MCP servers on Amazon ECS, how Slack manages context in long-running agentic applications, Cloudflare’s reference architecture for safer enterprise MCP deployments, and a straight question: do you even need a database?

Open source this week includes codeburn, a terminal dashboard tracking AI coding token costs across Claude Code, Codex, Cursor, and Copilot, tigerfs for mounting PostgreSQL as a filesystem you can browse with ls and cat, mergetopus for parallelizing large Git merges across multiple developers, and aimock, a single-package mock for LLM APIs, MCP, vector DBs, and search.

Join the IaCConf 2026 Keynote: “AI Speaks Terraform Like a Tourist”

Nobody calls out cloud infrastructure nonsense quite like Corey Quinn. If your team is using AI to write infrastructure code, you NEED to come hear this. Join us for his keynote at the free virtual conference built for engineers who manage infrastructure at scale - Grab your free spot

Newsworthy stories

• Inside the prt-scan supply chain campaign

• How GitHub uses eBPF to improve deployment safety

• The AWS Lambda “kiss of death”

• I imported the Linux kernel into PostgreSQL

• Versioned storage that speaks Git

• Duolingo’s Kubernetes leap

• Critical Claude Code vulnerability

• Vulnerability research is cooked

Tutorials of the week

• Kubernetes monitoring Helm chart v4

• Using GitHub Copilot to write unit tests fast

• The Claude Code DevSecOps shift on AWS

• Transforming FinOps with the latest Amazon Q cost capabilities

• Do you even need a database?

• Deploying MCP servers on Amazon ECS

• Managing context in long-run agentic applications

• Reference architecture for enterprise deployments of MCP

• A GitHub agentic workflow

• Multi-agent system reliability

Videos of the week

Projects of the week

• pompelmi is a minimal Node.js wrapper around ClamAV that scans any file for malware.

• hiraeth is a local AWS emulator built for fast SQS integration testing, with SQLite state persistence and a built-in web debugging interface.

• codeburn is a terminal UI dashboard that tracks AI coding token usage and costs across Claude Code, Codex, Cursor, and GitHub Copilot.

• mergetopus is a tool that untangles complex Git merges by splitting conflicted files into parallel slice branches, letting multiple developers resolve different conflicts at the same time.

• tigerfs is a Go filesystem interface backed by PostgreSQL that lets you mount a database and browse it with standard Unix tools.

• osv.dev is Google’s open source vulnerability database and triage service, tracking vulnerabilities across multiple package ecosystems.

Meme of the week

Noros connects to your AWS, GCP, and Azure accounts in 5 minutes and answers questions like “why did my spend spike this month?” in seconds. DevOps Bulletin readers get a free month at launch.

This week, BeyondTrust uncovered a command injection flaw in OpenAI Codex that exposed GitHub tokens, and Claude Code’s source code was leaked through npm source maps. Giant Swarm detailed how they live-migrated hundreds of Kubernetes clusters to the Cluster API with zero downtime.

On the tutorial side: AWS launched S3 Files to let you mount buckets as file systems; Ingress NGINX hit EOL, and Datadog walks through migrating to Kubernetes Gateway API; SpecterOps shows how Claude Code raises the bar for secure code reviews in pentesting engagements. Plus: why you should never let AI near your production database, how Slack replaced custom network tooling with Prometheus for HTTP/3 readiness, a complete Terraform setup for EKS Auto Mode, and the Git commands worth running before touching any unfamiliar codebase.

This week’s open source picks include PentAGI, a fully autonomous AI pentest agent in Go with 14.7k stars; Gardener, which manages Kubernetes clusters at scale across any infrastructure using hosted control planes; keeper, a Go cryptographic secret store; and skrun, which deploys agent skills defined in SKILL.md files as callable REST APIs.

What if you could ask your cloud bill anything?

Why is my spend 5% higher this month?” Noros is the AI agent that answers in seconds. Ask about anomalies, overprovisioned instances, cost spikes, and more across AWS, GCP, and Azure. DevOps Bulletin readers get a free month at launch.

Join the waitlist.

Newsworthy stories

• Open source security at Astral

• Live migrating hundreds of Kubernetes clusters to Cluster API

• OpenAI Codex command injection vulnerability exposes GitHub tokens

• Claude Code source leaked via npm source maps: lessons for every DevOps team

• Trunk-based development: why most teams think they use it (but don’t)

• How we built a real-world evaluation platform for autonomous SRE agents at scale

Tutorials of the week

• Enforcing AI governance across AWS organizations

• Launching S3 Files, making S3 buckets accessible as file systems

• Don’t let AI touch your production database

• I replaced Portainer, Grafana, and Prometheus with this stack

• Leveling up secure code reviews with Claude Code

• The Git commands I run before reading any code

• I let Claude review my PRs: what it caught and missed

• A practical guide for migrating to Kubernetes Gateway API

• A complete Terraform setup for EKS Auto Mode: is it right for you?

• Scalable network probing and HTTP/3 readiness with Prometheus

• Deploying Go apps to Google Cloud Run

Videos of the week

Projects of the week

• keeper is a Go cryptographic secret store that encrypts payloads at rest.

• npm-security-best-practices is a list of security best practices across supply chain attack mitigation, dependency resolution, and vulnerability scanning.

• PentAGI is a fully autonomous AI agent system for penetration testing, packing 20+ built-in security tools.

• tui-use is a tool that lets AI agents control interactive terminal programs (REPLs, debuggers, TUI apps) that normally require a human at the keyboard.

• DriftHound is an app that receives Terraform drift reports via API and provides a centralized dashboard for tracking infrastructure drift across projects.

• Gardener is a Go platform for managing homogeneous Kubernetes clusters at scale across any infrastructure using hosted control planes.

• skrun is a framework that deploys agent skills defined in SKILL.md files as callable REST APIs.

Meme of the week

Welcome to this week’s edition of the DevOps Bulletin.

The Axios npm library was compromised through a targeted attack on the maintainer’s computer, exposing how vulnerable open-source projects can be. At the same time, developers are switching from traditional SSH keys to certificates for better security, and attackers are using fake VS Code alerts on GitHub to trick developers into clicking malicious links.

On the practical side, teams are using AI agents to automatically respond to incidents, securing LLM running on Kubernetes against injection attacks and model tampering, and learning how to use AWS KMS to mitigate ransomware attacks. Plus guides on running Terraform generation locally with open source tools, using Atlantis and GitHub Actions together for infrastructure changes, and securing Kubernetes clusters for payment compliance.

This week’s open source picks include SQLite with built-in JSON and search features; rpg, a Postgres client with AI built in; zerobox, a tool to safely run untrusted code; and argo-rollouts for smoother Kubernetes deployments. Plus coasts for running isolated development environments, databend for analytics and AI, and nushell for a better shell.

All this and more in this week’s DevOps Bulletin, don’t miss out!

Is your infrastructure keeping pace with AI?

IaCConf 2026 is the annual virtual event for all things infrastructure-as-code. This year's theme: keeping pace. Hear real stories from practitioners, demos of what platform teams are building, and discussions from those leading IaC initiatives.

Register for free today

Newsworthy stories

• SSH certificates: the better SSH experience

• Modern SQLite features you didn’t know it had

• DevOps AI: Where are we headed?

• Post Mortem: axios npm supply chain compromise

• How automated release approvals reduced deployment latency to seconds

• Widespread GitHub campaign uses fake VSCode security alerts

Tutorials of the week

• Leverage agentic AI for autonomous incident response with AWS DevOps agent

• Simulating ransomware with AWS KMS

• LLMs on Kubernetes

• 6,000 AWS accounts, three people, one platform

• Using AI for Terraform

• How to use Atlantis with GitHub Actions for Terraform

• Building PCI DSS-compliant architectures on Amazon EKS

• Best way to upload 25-30 TB data from a HDD to S3

Videos of the week

Projects of the week

• rpg is a PostgreSQL terminal client written in Rust that brings AI diagnostics and schema-aware completion to psql, with 15+ DBA tools built in.

• zerobox is a cross-platform process sandbox in Rust that restricts file, network, and credential access for safely running AI-generated code.

• argo-rollouts is a Kubernetes controller enabling blue-green, canary, and progressive delivery strategies with automated metric-driven promotion.

• agents-anywhere syncs AI agent configs, skills, and instructions across 10+ tools (Claude Code, Cursor, Windsurf, Gemini) from a single git repo.

• coasts runs isolated development environments in containerized worktrees on a single machine with a local observability UI, integrating with existing Docker Compose setups.

• nushell is a shell written in Rust that treats data as structured objects instead of text streams, enabling more powerful pipelines and type-aware operations.

Meme of the week

Welcome to this week’s edition of the DevOps Bulletin.

Malware hit PyPI through a poisoned LiteLLM package last week, and the full minute-by-minute response took just 72 minutes from discovery to public disclosure. Dropbox shrank its server monorepo from 87 GB to 20 GB. BeyondTrust got a full DNS reverse shell running inside AWS AgentCore’s supposedly isolated sandbox. And Cursor now has autonomous security agents reviewing over 3,000 PRs a week. Also, IaCConf is back for year two on May 14. If you work with IaC at any level, this is where the real conversations happen.

Tutorials this week cover a one-line Kubernetes fix that saved Cloudflare 600 hours a year, a Postgres upsert that silently quadrupled WAL syncs on every no-op write, simplifying containers with Cloudflare Sandboxes, Terraform drift detection with GitHub Actions, pentesting AWS’s own Security Agent and a practical guide to Go naming conventions.

Open source picks include Augustus, a Go-based LLM vulnerability scanner with 210+ adversarial probes; OpenSandbox from Alibaba for isolated AI agent workloads; TerraVision for automatically generating architecture diagrams from Terraform; LayerLeak for scanning Docker images for leaked secrets; and CISO Assistant, which covers 100+ compliance frameworks in one platform.

All this and more in this week’s DevOps Bulletin, don’t miss out!

IaCConf is the only conference built entirely around infrastructure as code

Year two is here. Come meet your peers who are doing this work at the highest level. Learn what’s actually working and join these real conversations that don't happen at other virtual DevOps events. Don’t miss out. Register now.

Newsworthy stories

• My minute-by-minute response to the LiteLLM malware attack

• Stop enabling every AWS security service

• Reducing our monorepo size to improve developer velocity

• Securing our codebase with autonomous agents

• Pwning AWS AgentCore code interpreter

• The incident challenge

• Debugging Postgres performance

• Harness design for long-running application development

Tutorials of the week

• Simplifying containers with Cloudflare Sandboxes

• Terraform drift detection with GitHub Actions

• A one-line Kubernetes fix that saved 600 hours a year

• Audit-ready infrastructure

• SQL injection through LLM output

• Pentesting a pentest agent: here’s what I’ve found in AWS Security Agent

  

• Kubernetes strategic merge patch

• Artisanal handcrafted Git repositories

• Building reusable custom images for Azure VMs

• Go naming conventions

Videos of the week

Projects of the week

• TerraVision converts Terraform code into professional cloud architecture diagrams using official AWS, GCP, and Azure icons.

• Optio is a workflow orchestration platform for AI coding agents that takes tasks from GitHub Issues or Linear tickets and drives them through to merged PRs, automatically handling CI failures and code review feedback.

• Expect lets AI agents test your code in a real browser. It scans git diffs, generates a test plan, and executes it via Playwright with recorded sessions for replay.

• Elastic Agent Skills is the official skills library that teaches AI coding agents how to work correctly with Elasticsearch, Kibana, and Elastic’s observability and security APIs.

• CISO Assistant is an open-source GRC platform covering risk assessments, compliance tracking across 100+ frameworks, and third-party risk management in a single interface.

• LayerLeak is a Docker Hub and OCI image secret scanner written in Go that analyzes image layers, config metadata, and build history without requiring a local Docker daemon.

• Augustus is a Go-based LLM vulnerability scanner that runs 210+ adversarial probes across 47 attack categories, including jailbreaks, prompt injection, and data extraction.

• OpenSandbox is Alibaba’s sandbox platform for AI agent workloads, providing isolated code execution with gVisor, Kata Containers, and Firecracker microVMs.

Meme of the week

From S3 bucketsquatting finally being dead after a decade of exploitation, to Reddit migrating petabyte-scale Kafka from EC2 to Kubernetes with zero downtime, and an active phishing campaign targeting AWS console credentials using adversary-in-the-middle proxies.

On the tutorial side, we look at how AI agents write Go, vibe coding’s attribution problem, why git blame matters more than ever, and how Datadog caught an AI-powered bot trying to inject malicious code into their open-source repos. Plus a $7 Lightsail setup that replaces your local AI agent, and a deep dive into when Kubernetes actually restarts your pod.

This week’s open source picks feature Serie, a Rust-based terminal tool for clean Git commit graphs, Bromure, a macOS app that runs each browser session inside a disposable Linux virtual machine, and Trajan, a scanner that detects vulnerabilities across platforms like GitHub Actions, GitLab CI, Azure DevOps, Jenkins, and JFrog.

All this and more in this week’s DevOps Bulletin, don’t miss out!

Building an IDP from Scratch - Live Workshop

Design and build an Internal Developer Platform that scales and gets adopted. This hands-on, 2-day workshop covers platform-as-a-product thinking, cloud-native architecture, IaC, automation patterns, and production readiness. Ideal for platform engineers, DevOps teams, and engineering leaders building IDPs. Exclusive 40% discount code: DEVOPSBULLETIN

Newsworthy stories

• S3 bucketsquatting is finally dead

• Security architecture of GitHub agentic workflows

• How Reddit migrated Petabyte-scale Kafka from EC2 to Kubernetes

• Azure DevOps remote MCP server

• What if your Git history were a SQL database?

• Active phishing campaign targeting AWS console credentials

• Postgres is the Gateway drug

• When should you use BFF, and should it replace API Gateway?

Tutorials of the week

• The $7 AWS setup that replaced my local OpenClaw

• Catching malicious contributions in Datadog’s open source repos

• Vibe coding needs git blame

• Building a virtualized Kubernetes homelab

• How AI agents want to write Go

• When Kubernetes restarts your pod

• Hosting and scaling EKS hybrid nodes

• Complete guide to AWS ECS

• Mastering GKE multi-tenancy

Videos of the week

Projects of the week

• Serie is a TUI application that renders Git commit graphs with rich visuals using the terminal’s image display protocol.

• Git Quest is a web-based RPG game that converts your GitHub commit history into character progression and in-game resources.

• Pertmux is a terminal dashboard that unifies merge requests, git worktrees, tmux sessions, and AI coding agents into a single real-time monitoring interface.

• Nord Stream is a security testing tool that extracts secrets from CI/CD environments by deploying malicious pipelines across Azure DevOps, GitHub, and GitLab.

• Trajan is a security scanner that identifies vulnerabilities in CI/CD pipeline configurations across GitHub Actions, GitLab CI, Azure DevOps, Jenkins, and JFrog.

• Bromure is a native macOS app that runs every browser session inside a lightweight, disposable Linux virtual machine for full isolation.

Meme of the week

An autonomous bot spent 7 days exploiting GitHub Actions across Microsoft, DataDog, Aqua Security, and CNCF projects — exfiltrating tokens with write permissions from awesome-go (140K stars) and fully compromising Trivy’s releases. Meanwhile, new research shows that roughly half of SWE-bench-passing AI PRs would be rejected by actual maintainers, and Uber shares how it replaced thousands of individual Kafka policies with a single CEL-based access control rule.

On the tutorial side, a HashiCorp Core team engineer breaks down Terraform internals from addressing to expansion logic, while a researcher shows how opening a GitHub issue let them steal npm publish tokens from Cline’s CI — poisoning 4,000 machines before detection. Plus: why you should turn Dependabot off, how a Rust rewrite cut batch jobs from 30 minutes to under 5, and how ParadeDB optimized top-K queries from 37 seconds to 300ms.

This week’s open source picks include Terrapod — an open-source Terraform Enterprise replacement with built-in governance, PipeStep — a debugger that lets you step through GitHub Actions workflows locally in Docker, and Aegis — an EDR tool that monitors AI agent behavior in real time.

All this and more in this week’s DevOps Bulletin, don’t miss out!

Newsworthy stories

• Building a database on S3

• A bot actively exploiting GitHub Actions - Microsoft, DataDog, and CNCF projects

• When Kubernetes is the wrong default

• Many SWE-bench-passing PRs would not be merged into main

• How AI agents automate CVE vulnerability research

• Please, please, please stop using passkeys for encrypting user data

• How I dropped our production database and now pay 10% more for AWS

• How Uber reinvented access control for microservices

Tutorials of the week

• Migrating from Heroku to AWS

• How I use LLMs for security work

• Building AI teams with Docker sandboxes

• A series about the internals of Terraform

• How to steal npm publish tokens by opening GitHub issues

• Turn Dependabot off

• Using Rust and Postgres for everything

• A multi-agent architecture for automated penetration testing

• Understanding the Go runtime

• Getting started with GitOps

• How we optimized top K in Postgres

• How LDAP works

Videos of the week

Projects of the week

• Temps is a self-hosted deployment platform that combines app hosting, monitoring, and infra management in a single binary.

• Neko is a self-hosted, Dockerized virtual browser that uses WebRTC for multi-user collaborative browsing.

• Terrapod is an open-source Terraform Enterprise replacement with built-in collaboration, governance, and state management.

• PipeStep is a debugger for GitHub Actions that lets you step through CI workflows locally in Docker.

• OneCLI is a credential gateway that transparently injects API keys into AI agent requests so agents never touch secrets.

• Switchboard is a desktop app that lets you manage all your Claude Code sessions from a single, unified interface.

• load-secrets-action is a GitHub Action to load 1Password secrets into workflow environment variables.

• Aegis is an EDR tool that monitors AI agent behavior, tracking processes, file access, and network activity in real time.

Meme of the week

Welcome to this week’s edition of the DevOps Bulletin.

From Iranian drone strikes taking down AWS data centers in the UAE and Bahrain, to Truffle Security finding 2,863 live Google API keys on the public internet that now silently authenticate to Gemini.

On the tutorial side, we get into designing caching architectures that cut LLM costs by 30% through semantic deduplication, building AI agents for infrastructure teams with proper safety guardrails, and a hands-on guide to pg_semantic_cache in Postgres that achieves 60-80% cache hit rates. Plus: debugging Go memory leaks with pprof, secure error-handling patterns in Go, and AWS cost optimization with up to 72% savings.

This week’s open-source picks include Shannon - an autonomous AI pentesting framework that validates vulnerabilities using real exploits, Titus - a high-performance secrets scanner with 487 detection rules, and safe-chain — a local proxy that blocks malicious npm and PyPI packages before installation.

All this and more in this week’s DevOps Bulletin, don’t miss out!

Your Terraform Plan passed. Your app just broke. Here's why.

Clean plan. Successful apply. App down two hours later. Sound familiar? Learn how platform teams scale IaC without the chaos.

Free virtual event, March 12 at 12 PM ET. Register now.

Newsworthy stories

• How even senior developers mess up their Git workflow

• Amazon says it could take at least a day to restore data centers hit by ‘objects’ in the UAE

• Terraform, feature flags, and configurability

• Designing caching architectures to minimize latency and LLM costs at scale

• Google API keys weren’t secrets. But then Gemini changed the rules

• The KFC architecture blueprint: Kafka, Flink, and ClickHouse

Tutorials of the week

• How to design, build, and operate AI agents for infrastructure teams

• Draw.io MCP for DevOps diagrams generation

• Master Kubernetes through production-ready practice

• Running OpenClaw safely

• Use CLI like a modern tech bro

• Semgrep + AI for Infrastructure as Code

• Debugging a Go memory leak

• AWS cost optimization best practices

• A hands-on guide to Postgres caching

• Best practices for secure error handling in Go

Videos of the week

Projects of the week

• Self-hosted platform for provisioning secure cloud development environments and workspaces defined with Terraform and accessed through remote IDEs.

• Autonomous AI pentesting framework that analyzes source code, discovers attack paths, and executes real exploits to validate web app vulnerabilities.

• Local proxy that protects developers and CI pipelines by scanning npm and PyPI packages for malware and blocking risky or newly published dependencies before installation.

• AI-powered threat modeling tool that analyzes system architectures and generates security threat models using LLM agents.

• A Kubernetes operator that deploys, autoscales, and manages Ray clusters and workloads for distributed AI and machine learning on Kubernetes.

• YAML-driven CLI for scenario-based testing, API automation, and load testing across HTTP, gRPC, databases, browsers, SSH, and local commands

• High-performance secrets scanner that detects and validates API keys, tokens, and credentials across source code, git history, binaries, and web traffic

• Kubernetes native batch scheduler designed for AI, ML, big data, and HPC workloads with advanced resource scheduling and queue management

Meme of the week

Welcome to this week’s edition of the DevOps Bulletin.

Big news this week includes an exclusive offer for DevOps Bulletin subscribers: up to $100k in free credits for building or scaling your stack on AWS. Our curated stories share how Datadog reduced its Go agent binaries by 77%, Netflix’s journey migrating RDS Postgres workloads to Aurora, enterprise strategies for scaling GitOps, rendering 100 million pixels per second over SSH, FinOps tips to reduce 70% of S3 cost, running Git inside Postgres, and why securing OpenClaw may be the wrong problem to solve.

Tutorials this week go deep into Postgres fundamentals, Docker BuildKit, and hard lessons from real-world SQL queries, as well as building Terraform review agents with Gemini, designing secure agent skills and MCP servers, and deploying a production-ready, scalable code modernization platform.

The open source picks include an autonomous Claude powered multi agent system that turns Linear issues into reviewed pull requests, a PostgreSQL proxy with connection pooling and sharding, a terminal dashboard for managing cron jobs over SSH, a VSCode extension that visualizes SQL lineage and dependencies, a local first AI agent task manager, and an S3 native Kafka compatible event streaming server built as a single Rust binary.

All this and more in this week’s DevOps Bulletin, don’t miss out!

Get up to $100k in FREE AWS credits

How to reduce your AWS expenses without compromising your product's potential? Spendbase, in partnership with AWS, offers up to $100k in free AWS credits for DevOps Bulletin subscribers. The application process is simple: new & existing AWS users are eligible (even if you've received credits before). Everything you need is a startup under 10 years old with a corporate website.

Claim your credits now!

Newsworthy stories

• How we reduced the size of our Agent Go binaries by up to 77%

• Automating RDS Postgres to Aurora Postgres migration

• How to scale GitOps in the enterprise

• Rendering 100M pixels a second over SSH

• How a video hosting platform saved 70% on S3

• Git in Postgres

• Why is trying to secure OpenClaw ridiculous

Tutorials of the week

• You just need Postgres

• Bash for agents

• Building an in-house Terraform review agent with Gemini CLI

• Building a scalable code modernization solution with AWS Transform custom

• Docker’s hidden gem that can build almost anything

• Hard lessons from a real SQL query

• MCP server security

• 3 principles for designing agent skills

• Migrate Amazon EC2 to ECS Express Mode using Kiro CLI and MCP servers

• Making Harbor production-ready

Videos of the week

Projects of the week

• An autonomous Claude-powered multi-agent system that turns Linear issues into reviewed, tested, and merged pull requests.

• Terminal dashboard for managing and scheduling local and remote cron jobs over SSH with validation and autocompletion.

• VSCode extension that turns SQL queries and whole workspaces into interactive execution flow, lineage, and dependency diagrams.

• PostgreSQL proxy that provides connection pooling, query-aware load balancing, health checks, and built-in database sharding.

• Local first AI agent task manager that organizes, prioritizes, and orchestrates multiple coding agents with a dashboard.

• S3 native Kafka-compatible event streaming server that stores data directly in object storage with a single Rust binary and no broker fleet.

Meme of the week

Welcome to this week’s edition of the DevOps Bulletin.

In this week’s news, we unpack the hidden friction inside FOCUS 1.2 and what happens when a clean FinOps specification collides with messy real b…

Read more

In this week’s news, we look at what Heroku’s “sustaining engineering” announcement really means for teams still running production workloads the…

Read more

In this week’s news, we look at why GitHub Actions is becoming a serious productivity bottleneck for many teams, what it actually takes to own a …

Read more

Welcome to this week’s edition of the DevOps Bulletin.

We open with a growing problem security teams are quietly struggling with. AI tools are moving sensitive data across SaaS and internal systems in…

Read more

Welcome to this week’s edition of the DevOps Bulletin.

We’re kicking off with AI and Infrastructure-as-Code. IaCConf Spotlight on January 28 brings engineers together to share how they’re using AI in …

Read more

Welcome to this week’s edition of the DevOps Bulletin.

AI isn’t replacing DevOps teams, it’s changing how they work. Learn how by joining the IaCConf Spotlight on January 28. In the news, AWS’s direct…

Read more

Welcome to this week’s edition of the DevOps Bulletin.

We’re kicking off with AI and Infrastructure as Code: a spotlight event on January 28 will show how platform and DevOps teams are using AI for re…

Read more

This week: AWS’s CTO share his predictions for 2026 and beyond, why developers are gaming GitHub profiles (and why star…

Read more

Why Kubernetes clusters are massively underutilized in production, how Cloudflare is eliminating cold starts with “shard and conquer,” and what h…

Read more

Welcome to this week’s edition of the DevOps Bulletin!

Cloudflare shared how they run Cloudflare at enterprise scale with IaC, SonarSource dropped a GitHub Actions “zombie workflows” horror story, and…

Read more