Welcome to this week’s edition of the DevOps Bulletin!

Kubernetes is powerful—but maintaining it yourself can be a full-time job. This week, we’re sharing a free whitepaper to help you evaluate the “build vs. buy” decision for Kubernetes infrastructure management. If you’ve ever wondered whether your team should keep operating clusters in-house or switch to a managed solution, this guide is for you.

In the news: 37signals just finished their full AWS exit—including S3—and claims they’ll save over $10M. Meanwhile, AWS rolled out a new security tool… that introduced a new vulnerability. Over 3,200 developers were hit by a malicious npm package campaign through Cursor. And there’s a new browser on the block—the first container-aware browser, designed for secure workloads.

This week’s featured video comes from Capital One, where engineers break down how they run AWS Lambda at scale. You’ll hear about their real-world serverless patterns, the operational challenges they’ve faced, and the hard-earned tips they’ve picked up along the way.

Our tutorials section is packed with hands-on guides:

• How to harden GitHub Actions from common attack vectors

• Hijacking NodeJS Jenkins agents in CI/CD pipelines

• 50 ways to isolate traffic for better security and network segmentation

• How async/await really works in Python

• Using OPA with Terraform for policy-as-code

• How to implement state machines in PostgreSQL

• Why AWS defaults can open you up to service takeovers

And don’t miss this week’s open-source spotlights:

• Docker2exe: convert a Docker image into a sharable executable

• Cloud Snitch: visualize AWS activity in a beautiful interactive map

• Know Your Enemies: detect third-party access in your AWS roles and S3 policies

• Qtap: an eBPF agent for capturing rich, pre-encrypted network context

• SQL Scope: convert SQL queries across dialects with ease

All this and more in this week’s DevOps Bulletin—don’t miss out!

Kubernetes Infrastructure Management: Build vs Buy

Are you spending more time managing Kubernetes than building the products that set your business apart from the competition? You’re not alone—many organizations struggle with the “build vs. buy” decision when it comes to Kubernetes infrastructure management. Learn the pros and cons for approach so you can make the decision that best meets the needs of your organization - Download now!

Newsworthy Stories

• 37signals says goodbye to AWS: Full S3 migration and $10M in projected savings

• Malicious npm packages infect 3,200+ Cursor users

• AWS built a security tool and introduced a security risk

• World's first container-aware browser

• The lost fourth pillar of observability

• Anomaly detection in time series

Video of the week

Tutorials of the week

• How to harden GitHub Actions

• Hijacking NodeJS’s Jenkins agents

• 50 ways to isolate traffic for cybersecurity, network administration, and other technical roles

• AWS defaults can open the door to service takeover

• Implementing state machines in PostgreSQL

• Learn how async/await works in Python

• A simple guide to OPA and Terraform

Projects of the week

• Docker2exe is a tool can be used to convert a Docker image to an executable that you can send to your friends!

• Cloud Snitch gives you a comprehensive look at your AWS account activity in a sleek and intuitive map view.

• Qtap is an eBPF agent that captures pre-encrypted network traffic, providing rich context about egress connections and their originating processes.

  

• Know Your Enemies is a tool that analyzes IAM Role trust policies and S3 bucket policies in your AWS account to identify third-party vendors with access to your resources.

• SQL Scope allows to convert SQL queries between different dialects effortlessly.

• Void is the open-source Cursor alternative. Use AI agents on your codebase, checkpoint and visualize changes, and bring any model or host locally.

• Core is open source framework for building powerful, fast, elegant 2D and 3D apps that run on macOS, Windows & Linux.

Meme of the week