Digest #182: Vibe-Coded App Risks, GitHub npm Security, Zero-Downtime DB Migration & Kubernetes Load Balancing
Welcome to this week’s edition of the DevOps Bulletin!
Wiz says one in five vibe-coded apps ship with critical security flaws, while LogSeam shows how to search 500M logs/sec. GitHub is rolling out a stricter npm supply chain, startups are warned against hiring only seniors, and a team shared how they migrated a billion DB records with zero downtime. Over at Databricks, engineers built a smart client-side load balancer that cut pod counts by 20%. Meanwhile, a new free ebook shows how to secure MCP servers with Zero Trust.
On the hands-on side: advanced Postgres indexing, blocking 26M curl requests with eBPF, multi-account Terraform pipelines with GitHub Actions, and GitHub workflow tips. Plus: building secure self-hosted runners on EC2, and even an agentic medical analysis system.
And don’t miss the projects: Replik8s (K8s auditing), Kairos (immutable edge OS images), Harbor Guard (container security scans), Devbox (Nix-powered dev environments), PyOCI (Python packages on OCI), DBOS (workflow orchestration on Postgres), and a remastered Super Mario Bros.
All this and more in this week’s DevOps Bulletin. Don’t miss out!
Newsworthy stories
Wiz discovers one in five organizations are exposed to risks in Vibe-Coded apps
Hiring only senior engineers is the worst policy in the startup industry
How we migrated 1 billion records from DB1 to DB2 without downtime
Zero Trust for AI: Securing MCP Servers
MCP servers are now among the most privileged components in your AI stack. They represent a fundamental new risk that traditional security controls weren’t designed to address. This ebook provides a practical blueprint for securing MCP servers using externalized, fine-grained authorization.
Tutorials of the week
Videos of the week
📘 New Book: Practical FinOps
This book distills years of running FinOps at scale: what worked (and what didn’t).
Projects of the week
Replik8s is a modern open-source Kubernetes auditing and investigation tool.
Kairos allows you to build immutable, bootable Kubernetes and OS images for your edge devices as easily as writing a Dockerfile.
Harbor is a container security scanning platform that provides an intuitive web interface for managing and visualizing security assessments of Docker images.
Devbox is a command-line tool that enables you to create isolated development shells easily.
PyOCI allows you to publish and download (private) Python packages using an OCI registry for storage.
A Remake/Celebration of the original ‘Super Mario Bros’ games. Features new levels, custom modes, new characters, alongside a whole level editor/custom level system!
DBOS provides lightweight, durable workflow orchestration on top of Postgres.
Meme of the week
If you have feedback to share or are interested in sponsoring this newsletter, feel free to reach out via LinkedIn, or simply reply to this email.