Digest #207: LiteLLM Malware Attack, Dropbox 87GB monorepo, Cursor's Security Agents and K8s One-Line Fix
The LiteLLM supply chain attack, Dropbox monorepo optimization, Postgres WAL debugging, Kubernetes performance fixes, and open source tools for LLM security.
Welcome to this week’s edition of the DevOps Bulletin.
Malware hit PyPI through a poisoned LiteLLM package last week, and the response, documented minute by minute, took just 72 minutes from discovery to public disclosure. Dropbox shrank its server monorepo from 87 GB to 20 GB. BeyondTrust got a full DNS reverse shell running inside AWS AgentCore’s supposedly isolated sandbox. And Cursor now has autonomous security agents reviewing over 3,000 PRs a week. Also, IaCConf is back for year two on May 14. If you work with IaC at any level, this is where the real conversations happen.
Tutorials this week cover a one-line Kubernetes fix that saved Cloudflare 600 hours a year, a Postgres upsert that silently quadrupled WAL syncs on every no-op write, simplifying containers with Cloudflare Sandboxes, Terraform drift detection with GitHub Actions, pentesting AWS’s own Security Agent, and a practical guide to Go naming conventions.
Open source picks include Augustus, a Go-based LLM vulnerability scanner with 210+ adversarial probes; OpenSandbox from Alibaba for isolated AI agent workloads; TerraVision for automatically generating architecture diagrams from Terraform; LayerLeak for scanning Docker images for leaked secrets; and CISO Assistant, which covers 100+ compliance frameworks in one platform.
All this and more in this week’s DevOps Bulletin, don’t miss out!
Newsworthy stories
Tutorials of the week
Videos of the week
Projects of the week
TerraVision converts Terraform code into professional cloud architecture diagrams using official AWS, GCP, and Azure icons.
Optio is a workflow orchestration platform for AI coding agents that takes tasks from GitHub Issues or Linear tickets and drives them through to merged PRs, automatically handling CI failures and code review feedback.
Expect lets AI agents test your code in a real browser. It scans git diffs, generates a test plan, and executes it via Playwright with recorded sessions for replay.
Elastic Agent Skills is the official skills library that teaches AI coding agents how to work correctly with Elasticsearch, Kibana, and Elastic’s observability and security APIs.
CISO Assistant is an open-source GRC platform covering risk assessments, compliance tracking across 100+ frameworks, and third-party risk management in a single interface.
LayerLeak is a Docker Hub and OCI image secret scanner written in Go that analyzes image layers, config metadata, and build history without requiring a local Docker daemon.
Augustus is a Go-based LLM vulnerability scanner that runs 210+ adversarial probes across 47 attack categories, including jailbreaks, prompt injection, and data extraction.
OpenSandbox is Alibaba’s sandbox platform for AI agent workloads, providing isolated code execution with gVisor, Kata Containers, and Firecracker microVMs.