Digest #178: GitHub Secrets Leak, Building an AI Server, Docker→Kubernetes and ArgoCD Anti-Patterns
GitHub secrets, the real story behind CPU utilization, staging environment fixes from Signadot, Docker vs Podman, Redis caching, ArgoCD anti-patterns, and fresh OSS projects to try out!
Welcome to this week’s edition of the DevOps Bulletin!
A major supply-chain attack on the Nx build system leaked thousands of GitHub tokens and credentials, exposing private repos before GitHub shut it down. Elsewhere, engineers debated whether .gitignore should block everything by default to avoid leaking secrets, and others pointed out how SQL struggles with hierarchical structures and why CPU utilization metrics can be misleading. Add to that a tongue-in-cheek reminder of the “Unix conspiracy,” a DIY guide to building an AI server for $1.3K, and ByteByteGo’s breakdown of the nine-layer modern software stack. On the staging environment front, Signadot showed how giving every developer an on-demand testing environment can cut bottlenecks and speed up releases.
On the tutorial front: Datadog shared a SQL injection flaw in the Postgres MCP server, and Okta showed how to secure CI/CD pipelines with Terraform and OIDC. You’ll also find step-by-step paths for moving from Docker to Kubernetes, reasons to consider Podman over Docker, 20 essential Linux commands for sysadmins, top ArgoCD anti-patterns, and guides on automation with n8n, vector search, distributed tracing with Tempo and Pyroscope, and even writing a load balancer in just 250 lines of code.
Our open-source spotlight features Kubewall, a single-binary Kubernetes dashboard with multi-cluster and AI integration, and Fleet, a platform for managing thousands of machines. ToolHive makes it simple to discover and deploy MCP servers, while TrailScraper extracts insights from AWS CloudTrail. For lighter fare, Git Laugh Track injects humor into your Git workflow, WarmUp keeps your Lambda functions hot, and GhBuster flags suspicious GitHub repos and users.
All this and more in this week’s DevOps Bulletin, don’t miss out!
Newsworthy stories
Teams with shared staging environments often face high contention and slow development velocity. Instead of a "blame game," you can give every developer a dedicated, on-demand testing environment - without needing to duplicate the entire stack. This innovative approach allows your teams to test in parallel, eliminating contention and reducing release delays. See how modern dev teams are solving the staging environment bottleneck.
Learn how Signadot helps solve this problem.
Tutorials of the week
Video of the week
📘 New Book: Practical FinOps
This book draws on years of running FinOps at scale and covers what worked (and what didn’t).
Projects of the week
Kubewall is an open-source, single-binary Kubernetes dashboard with multi-cluster management & AI integration.
Fleet is an open-source platform for IT and security teams with thousands of computers.
ToolHive is the easiest way to discover, deploy, and manage MCP servers.
Git Laugh Track is a fun and lightweight tool that adds a sitcom laugh track to your Git workflow.
TrailScraper is a command-line tool to get valuable information out of AWS CloudTrail and a general-purpose toolbox for working with IAM policies.
WarmUp solves cold starts by creating a scheduled lambda that invokes all the selected service lambdas in a configured time interval and forcing your containers to stay warm.
GhBuster is a tool that detects suspicious GitHub repositories and users using heuristics.
Meme of the week
If you have feedback to share or are interested in sponsoring this newsletter, feel free to reach out via LinkedIn, or simply reply to this email.