Operations | Monitoring | ITSM | DevOps | Cloud

Inside Atlassian's Merge Queues: How we ship faster with fewer incidents

At Atlassian, we use Merge Queues to ship frequent changes with confidence and streamline pull request merges. Across some of our busiest codebases, Merge Queues have sharply reduced incident frequency and turned merging from a stressful bottleneck into a background task. Today, most of our largest repositories rely on Merge Queues—over 70 large repos across products like Jira, Rovo, Trello, and others—having safely landed 30,000 pull requests since adopting Merge Queues Beta last quarter.

The 2026 software supply chain security gap

AI-generated code is now nearly universal. Enforcement is not. That gap is where your software supply chain is most exposed. Cloudsmith's CEO Glenn Weinstein, Co-Founder & CTO Lee Skillen, and VP of Product Alison Sickelka join Product Marketing Manager Meghan McGowan to unpack the 2026 State of Artifact Management report – a survey-based look at how AI development is reshaping the threat landscape, what organizations are getting wrong, and what the highest-leverage fix actually looks like.

Accelerating AI Agent Development on Google Cloud with JFrog MCP Registry

Developers building agentic AI on Google Cloud have powerful infrastructure at their fingertips: Gemini 3 for reasoning, Google’s Agent Development Kit (ADK) for orchestration, and a rapidly expanding ecosystem of Model Context Protocol (MCP) servers that connect agents to data and tools. So why are so many teams still waiting weeks to ship their first agent to production?

Shipping trustworthy code with Chunk CLI

AI coding agents are fast. They generate functions, refactor modules, and wire up boilerplate faster than any human. What they don’t do by default is enforce the conventions a specific team has agreed on: the lint rules, the review patterns that senior engineers flag on every PR. A generated diff looks clean until someone runs CI or reads it carefully.

The Hidden Cost of DIY DevOps: Why Growing Companies Bring in the Experts

Companies are scaling faster than ever, but infrastructure rarely keeps up with the product. When developers take on operational work on top of everything else, it feels like a smart way to cut costs. In practice, it's one of the most expensive mistakes a growing software team can make. This article breaks down what DIY DevOps actually costs and how a structured approach changes the equation.

Cloudsmith raises $72M Series C to secure the AI software supply chain

Cloudsmith raised $72 million in Series C funding, led by TCV and Insight Partners, to build the operating system for the modern software supply chain. AI agents are writing code faster than teams can secure it. That shifts the risk calculus because more software, built faster, means more attack surface. Artifact management is the control point between every software producer and consumer, and it's where Cloudsmith sits.

Under the Hood: Engineering JFrog Premium Availability

In the modern software factory, 99.9% uptime is no longer the gold standard. A standard 99.9% SLA translates to approximately 43 minutes of unexpected downtime per month. While industry data shows that a single minute of downtime costs an average of $9,000, for large global enterprises, that figure can easily be 5x higher. At tens of thousands of dollars per minute, those 43 minutes quickly compound into a catastrophic financial and operational risk.

Terminal dependencies for CircleCI workflows: Always run what matters

When a job fails, gets canceled, or never runs, the work that still needs to happen afterward (cleanup, notifications, teardown) has no clean way to trigger. There is no easy way to express “run this no matter what” in your pipeline config without duplicating jobs or adding fragile workaround branches. Terminal jobs change that.

Introducing on-demand Pipelines: run pipelines via API

Your CI/CD pipeline doesn’t have to live in a YAML file anymore. With on-demand pipelines, you can generate pipeline definitions programmatically, from scripts, services, or automation tools – and execute them instantly via the Pipelines API. No commit. No pull request. No static configuration to modify. Just build the YAML your situation demands and run it.

Share artifacts between parent and child pipelines

As part of an initiative to increase the flexibility and power of child pipelines, we are happy to announce that Bitbucket Pipelines will now allow you to share artifacts between parent and child pipelines. This feature extends the use-cases for child pipelines, allowing a greater degree of coordination between parent and child and the use of child-pipelines as modular pieces of processing for larger operations with artifacts. Here’s how it works.

Why Your CI/CD Pipeline Needs Deterministic Test Automation

Most CI/CD pipelines have a testing problem that nobody talks about enough. The pipeline runs. The tests pass. The build deploys. And then something breaks in production that the test suite had no business missing. Not a flaky test, not an infrastructure issue. A real gap in coverage that existed quietly for weeks before it mattered. Here's the thing: the pipeline itself is usually fine. The problem is what's feeding into it.

Ansible Conditionals: Complete Guide to when Statements [2026]

Last updated: April 2026 Playbooks that run every task every time aren't really automation. They're scripts. Real playbooks make decisions: only restart a service when its config changed, only install a package on Debian hosts, only send an alert when a prior task failed. That decision-making comes from Ansible conditionals.

How to set up rolling deployments with CircleCI

A rolling deployment updates running application instances in batches, replacing old instances with new ones while the application keeps serving traffic. The concept applies to any system that can run multiple instances of an application, but Kubernetes has it built in as the default deployment strategy. Kubernetes terminates an old pod only after its replacement passes the configured readiness check, so no requests land on an unready instance.

How Engineers Get Leadership Buy-In for Technical Initiatives

Getting leadership to greenlight your technical work isn't about having the right answer, it's about speaking the right language. CircleCI CTO Rob Zuber shares the frameworks he's developed over 12 years for translating engineering priorities into business impact, navigating organizational dynamics, and building the relationships that make buy-in happen before you ever enter the room.

Agent Skills move too fast for git

Last month I was making a change to sx, our CLI. I updated a core flow, adding external catalogs as a source for sx add. Small change. Then came the testing. I knew I was messing with a core flow and wanted to be sure I hadn't broken anything. I spent about forty-five minutes setting up an isolated environment. Spinning up Docker. Fighting with tmux. Getting a clean install state I could run through the TUI a few times. Forty-five minutes of my afternoon that produced zero code. I complained in Slack.

Auto-Generate Tests for Your Codebase with AI (CircleCI Chunk Tutorial)

AI coding tools help you ship features faster than ever, but test coverage often can't keep up. In this video, we show you how CircleCI's Chunk autonomous CI/CD agent finds untested code in your codebase, writes tests to cover it, and opens a pull request for your review. What you'll learn: Chunk works directly inside your CI/CD pipeline, giving it access to your build history, test results, and coverage reports. That means smarter tests, not just more tests.

CircleCI is now available as a Codex plugin

CircleCI is part of the latest wave of Codex plugin integrations, joining the directory alongside other popular development tools like Vercel, Cloudflare, Figma, Notion, Sentry, Hugging Face, Linear, and more. If you’re using Codex, you already know that writing code is rarely the hardest part of your job. It’s the delays, interruptions, and context switching that start when that code breaks on its way to production. The CircleCI Codex plugin closes that gap.

Merge Queues for Bitbucket Cloud, now in open beta

Teams are shipping more code, faster than ever, as they increasingly automate their processes with CI/CD and AI. But high-velocity pull-request workflows and large monorepos, where many PRs are merged continuously, are feeling the pain as they grow: pull requests race to merge before the branch changes again, “green” builds still break due to semantic merge conflicts, and developers are stuck babysitting merges instead of building features.

Introducing Agentic Pipelines: AI automation for chores devs don't want to do

Bitbucket Pipelines has always been an engine for automating more than just CI/CD, but today, Pipelines takes a first step towards a full agentic automation platform for all the manual, tedious, repetitive work that happens before and after code creation. You’ve probably seen the stat: Development teams spend 84% of their day doing things other than building features. A lot of this work is: This work matters, but it’s not very fun.

Building an agentic content production system with Claude Code

This post by an engineer explains how his team uses the.claude folder in Claude Code. The folder is the hidden directory where you store context files, behavioral rules, and automated workflows so Claude understands how to operate in a specific project. He’d set up coding conventions, tool configs, CI integrations. Very engineering-brained. The tool is called Claude Code, so fair enough. I run a web and content team. We write blog posts, tutorials, and technical guides for a living.

Scaling Technical Research: Integrating Proxies into Your Data Operations (DataOps) Pipeline

In the world of Big Data, success depends on more than just algorithms. The quality of the incoming data stream is crucial. When a company scales its technical research, it inevitably encounters barriers such as CAPTCHAs, geoblocks, and anti-fraud systems.

Without RBAC for Agent Skills and MCP, your entire organization basically has root access to your company

Let me paint a picture. Your company has rolled out Claude or ChatGPT as the standard AI tool. You've connected MCPs to Stripe, your HRIS, Datadog, your CRM, and Slack. A senior engineer set this up because they needed to answer hard cross-system questions and it works beautifully. Now a marketing intern sits down, opens the same LLM harness with the same MCP config, and types "show me revenue by customer for the last 12 months." They get it.

(AusBiz) JFrog teams up with Nvidia to manage AI agents

AI agents are making real-time decisions inside enterprises right now; pulling code, accessing tools, executing tasks. But most businesses have zero visibility into what those agents are actually using. In this interview on @ausbizTV, Sunny Rao, SVP APAC at JFrog, explains why the governance gap is one of the biggest risks facing enterprises today; and how JFrog and NVIDIA are building the trust layer to fix it.

OpenTelemetry Trace Testing for CI Release Gates

OpenTelemetry is great at answering one question: “what just broke?” The problem is that most teams need a different answer first: “what is about to break in this release?” That is where trace-based testing comes in, especially for teams running a vendor-neutral OTel stack (Collector + Tempo/Jaeger + Prometheus) and needing deterministic release gates.

7 AI productivity lessons from the CTO of Superhuman

Most companies have built AI into their product by now, and many consider it the central feature of what they’re building. But plenty of those same companies are still figuring out how to get their own engineering teams to actually use AI tools day to day. When Loïc Houssier joined Superhuman as CTO in early 2025, his team was in that exact spot. The company had been shipping AI email features for years, but internal adoption of AI dev tools was still early.

Rovo Chat in Bitbucket now understands your Pipelines

Why did your build fail? Ask Rovo, get a clear answer, and even a way to fix it, from anywhere in Bitbucket Pipeline debugging is one of the most common and most painful parts of the development workflow. In our Atlassian research: AI adoption is rising, but friction persists, over 50% of developers reported losing more than 10 hours each week searching for information, onboarding to new code, or toggling between apps.

RalphCI: The Self-Healing AI Coding Loop That Automatically Fixes CI Failures

RalphCI is an open-source, CI-enabled agentic coding loop built by the Loop Lab at CircleCI. You write a spec, and the agent breaks it down into tasks, builds your application step by step, commits to GitHub, and runs your full CI pipeline on every iteration. If anything fails—linting, tests, security scans, missing files—a CI Doctor sub-agent detects the failure, reads the stack trace, and fixes it automatically. In this video, Ryan Hamilton demos RalphCI by building a classic Snake game end-to-end with zero manual coding.

SAS Enhances Security and Compliance with the JFrog Platform

This video features Brett Smith, a distinguished software developer at SAS Institute, discussing how the company secures its software production pipelines for its flagship AI and machine learning platform, SAS Viya 4. SAS initially utilized JFrog Artifactory for managing Java-based Maven and Ivy artifacts. To address the increasing need for robust security and compliance with global regulations, the company expanded its partnership with JFrog by integrating additional security tools to protect their delivery pipelines.

The Atlassian Rovo MCP Server now supports Bitbucket Cloud

The Atlassian Rovo Model Context Protocol MCP Server now supports Bitbucket Cloud. AI clients like Claude, ChatGPT, Cursor, and VS Code can now browse repositories, create commits, open pull requests, and check pipeline results, all through the same secure MCP connection that already works with Jira and Confluence.

Enable self-service environments with Harness Internal Developer Portal

Learn how to enable self-service environments with an internal developer portal (IDP) and CI/CD automation. You’ve automated deployments with Harness CD, but what about the environments those deployments run on? In this quick demo, see how Harness Environment Management completes the picture by making environments self-service, standardized, and fully lifecycle-managed. Together, CD + Environment Management close the loop on modern software delivery.

From Datadog to CI Tests: Catch Regressions Before Deploy

I worked in observability for years, and the same pattern showed up across teams. An alert fired, the on-call rotation scrambled, and everyone did what they had to do to stabilize production. Then came the retrospective. Once the immediate pressure was gone, the conversation shifted to one question: how do we make sure this never happens again? My friend Jade Rubick coined a name for that principle: DRI, “don’t repeat the incident”.

Ansible vs Terraform Explained: Key Differences for Modern Infrastructure Automation | Harness Blog

If DevOps teams mix up the roles of Ansible and Terraform, deployment pipelines can become unreliable. Manual handoffs slow down changes, and audits may find gaps where responsibilities overlap. Each tool solves different problems, so using them correctly avoids delays and compliance risks. Are you dealing with scattered provisioning and configuration workflows?

Introducing: Final Steps in Bitbucket Pipelines

If you’ve ever run a pipeline, you’ve certainly encountered the following situation: The pipeline fails halfway through, and the cleanup script you needed at the end to tear down test infrastructure or archive the logs never gets to run. Until now, there was no built-in way in Bitbucket Pipelines to guarantee that a step always executes at the end of your pipeline, regardless of what happened before it. Today, we’re fixing that.

npm axios attack - What happened and how to protect your supply chain

100M+ weekly downloads. One compromised maintainer account. A remote access trojan in two active release branches. This is a 30-minute breakdown of the Axios npm supply chain attack – how it happened, why it was hard to detect, and what any engineering team can do right now to reduce exposure. Nigel Douglas, Head of Developer Relations at Cloudsmith, is joined by Jenn Gile, co-founder of Open Source Malware, a community-driven threat intelligence platform focused on malicious open source packages.

The pipeline that never reached production | Harness Blog

Modern CI/CD platforms allow engineering teams to ship software faster than ever before. Pipelines complete in minutes. Deployments that once required carefully coordinated release windows now happen dozens of times per day. Platform engineering teams have succeeded in giving developers unprecedented autonomy, enabling them to build, test, and deploy their services with remarkable speed. Yet in highly regulated environments-especially in the financial services sector-speed alone cannot be the objective.

Ending the Chaos of CLI Version Drift: Introducing the JFrog CLI Control Manager

In a large-scale DevOps environment, small discrepancies lead to massive headaches. You’ve likely experienced it: a script runs perfectly on a developer’s laptop but fails in the production pipeline. You spend hours hunting for the cause, only to discover a mismatch in CLI versions. At JFrog, we know the JFrog CLI is vital to your automation, but managing it manually across thousands of users and pipelines is a hurdle that slows you down.

Cost Awareness in CI/CD Pipelines: A FinOps Guide | Harness Blog

This guide walks through practical ways to embed cost awareness directly into CI/CD workflows so development teams can make cost-informed decisions before deployment. You’ll learn how to implement automated cost feedback loops, introduce pipeline budget guardrails, and use Harness Cloud Cost Management to align DevOps velocity with FinOps accountability.