Secret leakage in public GitHub repositories increasing, claims new report

A report on secret leakage in source code claims that the problem is worse than ever, with 12.8 million new secrets leaked in GitHub...

Test launch of TEA open source reward project clouded by repository spam attack

A project set up to reward open source developers has stumbled after scammers that targeted GitHub repositories in search of crypto rewards made meaningless...

From Docker to Dagger: Solomon Hykes on modernisation of the DevOps pipeline

Solomon Hykes, who started the original Docker project in 2010 and co-founded the Docker company in 2011, has spent the past five years trying...

Enterprises struggle with Agile methodology, reports long-standing survey of practitioners

The 17th State of Agile report, which claims to be the longest-running survey on the topic, states that “Agile is having difficulty adapting,” as medium...

Spotlight on GitHub self-hosted runners again as researcher demonstrates attack on PyTorch code

A researcher found that Meta’s popular open source PyTorch framework used self-hosted runners in its GitHub repository, against best practice, and was able to...

PyPy moves from Mercurial, says ‘open source has become synonymous with GitHub’

The PyPy project, which implements the Python language but runs around four times faster, has shifted its primary repository and issue tracker to Microsoft-owned...

Where next for Jamstack? Netlify survey avoids the word, highlights rise of Astro

Netlify has published its State of Web Development report, which a post states was formerly the Jamstack Community Survey – but the latest edition...

Docker buys AtomicJar to integrate container-based test automation

Docker has bought AtomicJar along with its Testcontainer projects, giving Docker a better test story but raising concerns about future licensing costs and support...

AWS promotes cell-based architecture for ‘resilience at scale’

Attendees at the Amazon Web Services' re:Invent conference, well under way in Las Vegas this week, were encouraged to consider cell-based architecture for resilience...

How to fix the biggest obstacle to developer productivity: dysfunctional organizations

“Every day, people badge in, buzz in, swipe in, scan in, sign in, or otherwise just walk into their places of work. From that...

Yarn 4.0 ups security, ease of use and performance – but is it enough to win back users?

The Yarn team is releasing version 4.0, the first major one since July 2021. New features include a Hardened Mode with extra security, tidier...

Microsoft-sponsored Radius project aims to mitigate “limitations of Kubernetes”

The Microsoft Azure Incubations Team has introduced an open source (Apache 2.0 license) platform called Radius, designed for deploying applications across on-premises, Azure or...

PyPI repo attack: Typosquatting, Starjacking and hidden code aims to pinch credentials and secrets

Researchers at security companies Checkmarx and Phylum have identified malicious packages in the PyPI repository for Python, noting several methods used to disguise the...

Google-sponsored DevOps survey shows limited benefits of AI, return of elite teams

A Google-sponsored DevOps survey shows a widening gulf between the best and worst performing teams, and that the much-hyped AI has yet to deliver...

Security risks of personal access tokens exposed by attacks on GitHub

Hundreds of GitHub repositories, including some in private organizations, have been compromised and malicious code injected, according to a report from application security company...

Survey: how organizations believe AI will change DevOps

The majority of organizations believe generative AI will have a significant impact on DevOps, according to a new survey, thanks to quicker and smarter...