Operations | Monitoring | ITSM | DevOps | Cloud

Penetration testing is a type of software testing where skilled security professionals attempt to breach an organization’s systems and networks to identify vulnerabilities before malicious actors can exploit them.

With built-in CI/CD, native security tools, integrated planning, and AI agents, Bitbucket Cloud helps organizations accelerate productivity, improve engineering standards, and enhance collaboration across developers, operations and business teams. Moving to the cloud also helps lower costs by freeing up hardware budgets and IT resources. And you can rest easy knowing developers will stay productive on a secure and reliable platform. Curious about exploring a migration to Cloud?

SLSA (Supply-chain Levels for Software Artifacts, pronounced ‘salsa’) is a progressive, industry-backed software security framework that safeguards software integrity throughout the development and delivery lifecycle. SLSA adoption is ramping up in industries where trust isn’t optional. As dependencies proliferate and threats multiply, SLSA provides a solid, structured path to prove that software is secure by design.

Every day, your developers are pushing software. Some of that software will make it to production, but many of those incremental builds will not. While you shouldn’t remove those incremental builds and old release versions haphazardly, if left unchecked, they can clog up your software repositories as well as the workflows and systems they serve.

The way software is written is changing fast. In the past few years, AI coding assistants and large language models (LLMs) have gone from novelty to necessity for many developers. Tools like Cursor, ChatGPT, and custom in-house models are helping teams generate boilerplate, scaffold features, and even build entire apps within minutes. It’s exciting. But it also raises the stakes. When code is written faster, it’s deployed faster.

Cloudsmith’s Enterprise Policy Management (EPM) now supports the Exploit Prediction Scoring System (EPSS), a data-driven metric designed to estimate the probability of a software vulnerability being exploited in the wild. Using EPM in Cloudsmith, you can now use a package’s EPSS score to inform your package workflows, including those around Package Promotion and Package Quarantine.

A benchmark can be interpreted as a standard of comparison used to assess something. In everyday life, for example, when we want to buy a new cellphone and want to know which one is faster, we can see the speed test (benchmark) by measuring how fast the cellphone opens applications or runs games. From there, we can compare which cellphone is better based on the numbers produced.

Recently we introduced support for Failure Strategies, which allows developers to implement more powerful logic and control flow into their workflows. Today, we are excited to announce a new step failure strategy, retry, which can auto-retry your failed steps without requiring any input from the user.