Digest #209: OpenAI Codex Command Injection, Live Kubernetes Migration and SRE Agents
From Claude Code's source code being exposed through npm source maps, to a command injection flaw in OpenAI Codex leaking GitHub tokens.
Noros connects to your AWS, GCP, and Azure accounts in 5 minutes and answers questions like “why did my spend spike this month?” in seconds. DevOps Bulletin readers get a free month at launch.
This week, BeyondTrust uncovered a command injection flaw in OpenAI Codex that exposed GitHub tokens, and Claude Code’s source code was leaked through npm source maps. Giant Swarm detailed how they live-migrated hundreds of Kubernetes clusters to Cluster API with zero downtime.
On the tutorial side: AWS launched S3 Files to let you mount buckets as file systems; Ingress NGINX hit EOL, and Datadog walks through migrating to Kubernetes Gateway API; SpecterOps shows how Claude Code raises the bar for secure code reviews in pentesting engagements. Plus: why you should never let AI near your production database, how Slack replaced custom network tooling with Prometheus for HTTP/3 readiness, a complete Terraform setup for EKS Auto Mode, and the Git commands worth running before touching any unfamiliar codebase.
This week’s open source picks include PentAGI, a fully autonomous AI pentest agent in Go with 14.7k stars; Gardener, which manages Kubernetes clusters at scale across any infrastructure using hosted control planes; keeper, a Go cryptographic secret store; and skrun, which deploys agent skills defined in SKILL.md files as callable REST APIs.
What if you could ask your cloud bill anything?
“Why is my spend 5% higher this month?” Noros is the AI agent that answers in seconds. Ask about anomalies, overprovisioned instances, cost spikes, and more across AWS, GCP, and Azure. DevOps Bulletin readers get a free month at launch.
Newsworthy stories
Live migrating hundreds of Kubernetes clusters to Cluster API
OpenAI Codex command injection vulnerability exposes GitHub tokens
Claude Code source leaked via npm source maps: lessons for every DevOps team
Trunk-based development: why most teams think they use it (but don’t)
How we built a real-world evaluation platform for autonomous SRE agents at scale
Tutorials of the week
Enjoying the Bulletin? Consider supporting it with a paid subscription. You’ll keep the free Friday issues and get extras like bonus deep-dives, templates, and the full archive.
A complete Terraform setup for EKS Auto Mode: is it right for you?
Scalable network probing and HTTP/3 readiness with Prometheus
Videos of the week
Projects of the week
keeper is a Go cryptographic secret store that encrypts payloads at rest.
npm-security-best-practices is a list of security best practices across supply chain attack mitigation, dependency resolution, and vulnerability scanning.
PentAGI is a fully autonomous AI agent system for penetration testing, packing 20+ built-in security tools.
tui-use is a tool that lets AI agents control interactive terminal programs (REPLs, debuggers, TUI apps) that normally require a human at the keyboard.
DriftHound is an app that receives Terraform drift reports via API and provides a centralized dashboard for tracking infrastructure drift across projects.
Gardener is a Go platform for managing homogeneous Kubernetes clusters at scale across any infrastructure using hosted control planes.
skrun is a framework that deploys agent skills defined in SKILL.md files as callable REST APIs.
Meme of the week
If you have feedback to share or are interested in sponsoring this newsletter, feel free to reach out via LinkedIn or simply reply to this email.