Operations | Monitoring | ITSM | DevOps | Cloud

It's Time to Rethink Untrusted Code in Your Pipeline | Harness Blog

The catastrophic TeamPCP exploit in March 2026 demonstrated that "open execution" models, in which third-party code runs with full privileges, have made CI/CD pipelines a primary target for global credential harvesting. There are better architectures. On March 19th, the risks of running open execution pipelines — where what code runs in your CI/CD environment is largely uncontrolled — went from theoretical to catastrophic.

Claude Livecaster Is Now Open Source, Plus a Two-Voice Broadcast Mode | CircleCI Loop Lab

Claude Livecaster is now public on CircleCI Research. In this update, Ryan Hamilton walks through the newly open-sourced repo, seven built-in simulation scenarios, and a new two-voice broadcast format featuring an anchor and a field correspondent narrating the action together. The demo scenario: Pipeline Wars, six CI pipelines racing across three providers, with Claude providing live color commentary on every Docker build failure, OOM kill, and production rollout.

We Made Claude Narrate an AI Model Race Like a Sports Commentator | Loop Lab

What if you didn't have to stare at logs while your AI agent worked? In this Loop Lab experiment, Ryan Hamilton built Claude Livecaster, a tool that gives Claude a live voice to narrate long-running agentic processes like a sports commentator. The demo: six AI models (GPT, Gemini, and Claude variants) race through a CI/CD benchmark, and Claude calls the whole thing play-by-play. Rate limit hits, comeback stories, photo finishes, all of it, out loud.

Winning in the AI Era: How Top Teams are Driving Their Velocity Gains with Alloy & Chime

While most teams struggle with the complexity of AI-generated code, Alloy and Chime have built internal cultures and processes that enable them to scale their development while maintaining quality. Join CircleCI’s CTO, Rob Zuber, in conversation with Maciej Makowski, Senior Software Developer at Chime, and Sunny Singh, Senior Software Engineer at Alloy, as they explore the dynamics that set their teams apart. They'll talk through the culture and delivery practices that actually moved the needle.

Announcing the Next Chapter for Bitbucket Pipelines Runners

In December 2025, we announced our intention to introduce pricing for self-hosted runners so we could provide stronger support and keep investing in new features and ongoing improvements. You’ve told us that having a free option is important. As a result, we’re introducing a new operating model that lets you continue using self‑hosted runners for free with the option to upgrade to a paid premium runners tier as your needs grow.

How to Plan a Successful CI/CD Migration Without Disrupting Developers | Harness Blog

Modern engineering teams run on CI/CD. It’s where pull requests get validated, artifacts get produced, and releases get promoted to production. That also makes CI/CD migration very risky because you're not just moving a "tool"; you're moving the workflow that developers use dozens or hundreds of times a day. The good news: disruption is optional.

CI/CD best practices | Harness Blog

Modern software teams are under constant pressure to ship faster without breaking production. That’s why CI/CD best practices have become essential for high-performing DevOps organizations. Continuous integration and continuous delivery (CI/CD) help automate builds, testing, and deployments — but simply installing a pipeline tool isn’t enough. Without the right practices, pipelines become slow, flaky, and difficult to govern.

Deployment strategies: Types, trade-offs, and how to choose

A deployment strategy is the method a team uses to move new code into a production environment. It determines how traffic shifts between versions, how much risk each release represents, and how quickly the team can roll back when something breaks. The choice isn’t academic: a mismatch between strategy and system can mean downtime, failed rollouts, or hours of manual recovery.

Rolling Deployments Explained: Seamless Software Delivery

In this video, Eric Minick from Harness explains the fundamentals of rolling deployments and how they help maintain a seamless user experience during software updates. Key topics covered include: Whether you are looking for simple implementation or consistent application uptime, rolling deployments offer a powerful strategy for modern software delivery. Learn more about Rolling Deployments and Harness Continuous Delivery.

Code Coverage: Measure, Improve, and Scale Quality in CI | Harness Blog

Most engineering teams know the difference between “we have tests” and “we know we’re well-tested.” Your CI builds may be green, but without code coverage, it’s hard to prove how much of your code is actually exercised by automated tests. Code coverage measures what percentage of your code runs during tests (lines, branches, and functions), and when you wire it into CI gates, it becomes an enforceable quality signal and not a vanity metric.

Intelligent Caching for CI/CD Build Optimization | Harness Blog

‍ We've all been there. You push a PR, grab coffee, check Slack, maybe start a side conversation — and your build is still running. Multiply that across a team of 50 engineers, and you're looking at hours of lost focus every single day. Slow CI/CD builds don't just waste time. They generate a steady stream of "CI is slow" tickets that eat into your platform team's roadmap. Intelligent caching is one of the fastest ways to break that cycle.

Parallel Execution in Modern CI: Best Practices & Results | Harness Blog

Definition: Parallel execution in CI is the practice of running independent build, test, or deployment tasks concurrently to reduce feedback time, improve resource utilization, and control infrastructure costs. Developers often spend almost half their time waiting for builds that could be faster. Simply adding more resources is not enough. Real improvements come from planned parallelism, using concurrency together with test intelligence, caching, and strong governance.

CI Pipeline Optimization Guide for Platform Engineering Leaders | Harness Blog

Definition: CI pipeline optimization is the practice of reducing build and test time and the cost per build by running only what matters, reusing unchanged components, and enforcing standardized governance. Platform teams are wasting thousands of hours every year because their pipelines aren't working right. Developers wait 45 minutes for builds. Jenkins consumes 20% of your team's capacity on maintenance.

What are test hooks in AI-native development?

Summary: A test hook connects a test or lint command to an event in your AI coding agent’s workflow. When the event fires, the agent runs the command automatically. If it fails, the agent’s action is blocked. You can wire your existing test commands into your agent’s lifecycle hooks to get deterministic local validation before code ever reaches CI. AI coding agents write code at a pace where stopping to manually run tests breaks your flow.

How to Evaluate a Mobile App Testing Platform

Selecting a mobile app testing platform is a strategic engineering decision. It affects release velocity, defect escape rates, infrastructure costs, and long-term product stability. As mobile ecosystems become more diverse, platform evaluation must move beyond feature comparisons and focus on operational alignment. Mobile environments today include wide variations in device hardware, operating system versions, accessibility configurations, and browser implementations. A testing platform must reflect this complexity if it is to reduce production risk effectively.

How to Optimize Your CI/CD Pipeline with AI (CircleCI Chunk Tutorial)

As AI-assisted coding tools increase the amount of code, commits, and builds, optimizing your CI pipeline becomes more important than ever. In this tutorial, we walk through how to use Chunk, CircleCI’s autonomous agent that validates your code at AI speed, to analyze your pipeline history, identify performance bottlenecks, and suggest optimizations to your CI/CD configuration. Chunk leverages critical CI/CD context like build history, test results, and execution data to keep pipelines healthy and moving at AI speed.

Building a secure golden path: Cloudsmith x Octopus Deploy webinar

What does it take to build a "Golden Path" that developers actually want to use? In this expert-led webinar, Cloudsmith and Octopus Deploy team up to explore the missing link in your software supply chain: turning artifact creation and management into an automated, trust-backed journey from source to ship.

Beyond the build: How DataHub uses Cloudsmith to power worldwide software distribution

You’ve built a world-class platform – now how do you get it into the hands of your users without "download friction"? In this video, we look at how DataHub, the leading open source metadata platform, uses Cloudsmith as its cloud-native distribution engine to deliver high-performance software artifacts to a global audience with zero downtime and zero maintenance.

MCP vs. CLI for AI-native development

Summary: The CLI vs. MCP question is really a question about where you are in the development loop. CLIs fit the inner loop: fast, local, zero overhead. MCP servers fit the outer loop: external systems, shared infrastructure, structured access. Most teams need both. AI has put a new kind of scrutiny on developer tooling. When a developer works alongside an AI coding assistant, the tools that assistant can reach, and how it reaches them, directly affect the quality and speed of the work.

Beyond Mirroring: 5 Reasons Your DevOps Strategy Depends on Repository Federation

For today’s leading enterprise computing environments, the concept of “centralized headquarters” is a relic. Today, R&D happens on different continents, spanning cloud, on-prem and hybrid environments, while stretching across multiple regulatory jurisdictions. But here is the hard truth: Most global organizations are still managing their binaries using legacy mirroring or “blind” infrastructure-level syncing. They treat artifact delivery like a basic file-transfer mechanism.

Why API Documentation Is a Core Engineering Discipline, Not an Afterthought

Developers rarely cite documentation as the most exciting part of building an API. Yet it is frequently the factor that determines whether an integration succeeds in days or drags on for weeks. Poor documentation creates friction at every stage of the API lifecycle. Consumers misunderstand endpoints, send malformed requests and file support tickets that a well-structured reference would have made unnecessary.

You Bought the AI Licenses. Why Is Only One Developer Getting 10x Results?

Here's something nobody talks about at the AI strategy meetings. Your organization just spent six figures on Cursor licenses, Claude seats, and Copilot subscriptions. Ninety percent of your engineers have access. By most internal measures, the rollout was a success. But somewhere on your team, one developer is running circles around everyone else.

AI at Superhuman (before it was cool) feat. Loïc Houssier

What does it actually look like to build an AI-native product and lead an engineering team through the AI era when you've been doing it longer than most? Rob Zuber sits down with Loïc Houssier, CTO at Superhuman, to talk about what it meant to be an AI company before AI was everywhere, and how that early foundation shapes the way they build, ship, and think today.

JFrog Earns Microsoft Solutions Partner with Certified Software Designation for Azure

We’re excited to announce that JFrog has officially earned the Microsoft Solutions Partner with certified software designation for Azure. This status is granted to partners who complete a technical review audit for interoperability with Microsoft products and demonstrate a consistent track record of customer success.

Regression Testing: What it is, why it matters, and how to automate it with CI/CD

Regression testing is the practice of re-running existing tests after a code change to confirm that previously working functionality hasn’t broken. It answers a single question: did this change break something that used to work? In CI/CD pipelines, regression tests run automatically on every commit, giving teams immediate feedback before code reaches production.

OpenTelemetry traces for Bitbucket Pipelines via webhooks

Continuous delivery is only as good as your ability to understand what’s happening inside your pipelines. When a build is slow, flaky, or burning through capacity, you need more than a green/red status and a wall of logs — you need traces. Bitbucket Pipelines now exposes pipeline execution as OpenTelemetry (OTel) traces via webhook events. This lets you stream detailed pipeline spans into your own observability stack and correlate them with the rest of your system. This post walks through.

The modern JFrog alternative: Why ConstructConnect switched to Cloudsmith

Is your artifact management slowing down your development velocity? In this video, we dive into how ConstructConnect migrated from JFrog Cloud to Cloudsmith–the world’s leading cloud-native artifact management platform–to eliminate hidden costs, simplify their CI/CD pipelines, and secure their software supply chain.

The Tide of AI - Surfing the Tsunami of Binaries

AI is creating an overwhelming surge of digital artifacts and software components. The key to success is learning how to ride, secure, govern, and manage that wave – rather than being overwhelmed by it. This weekend, I asked my team to watch Chasing Mavericks. Jay Moriarity (not J-Frog, but stay with me) was one of the most driven and determined surfers imaginable. His courage and spirit were extraordinary. But those virtues were shaped and refined by his mentor, Frosty Hesson.

Cloud-native Android infotainment: your CI pipeline shouldn't depend on hardware

More and more often, infotainment systems are being developed and delivered like software, yet often they are still tested and validated using hardware-centric processes. This is far from ideal: access to devices is limited, environments are difficult to reproduce, and iteration slows down as soon as multiple teams need to work in parallel. These challenges become even more visible as cockpit systems move toward wide displays and high resolutions.

Stop Managing Infrastructure: How BHS Corrugated Scaled Artifact Management with Cloudsmith

Are you spending more time maintaining your artifact servers than building software? In this video, we explore how BHS Corrugated–a global leader in manufacturing technology with a presence in 20 countries–transformed their developer experience by moving from fragmented, self-hosted GitHub repositories to Cloudsmith: the world’s leading cloud-native artifact management platform.