Operations | Monitoring | ITSM | DevOps | Cloud

In early October, Red Hat disclosed a breach of a GitLab system used by its Consulting division. Threat actors claim to have exfiltrated hundreds of gigabytes of project data — and while investigations are still underway, reports suggest consulting engagement artifacts may have been impacted. For the organizations involved, the concern isn’t limited to reputational damage.

When thinking about imperative infrastructure commands and Day 0 tasks for provisioning infrastructure, Ansible is an oft-mentioned tool that has been popular among practitioners for its easy YAML syntax and agentless architecture. You might have used Ansible to get your infrastructure started or for other “one-and-done” infrastructure automation scenarios.

Whether you are an all-in vibe coder or AI skeptic, you probably know that most software developers are now incorporating AI into their day-to-day process.

Infrastructure teams manage not only servers and cloud resources, but also complex network environments. Routers, switches, and firewalls…often from multiple vendors with many models and versions. The devices require a consistent configuration and strict compliance enforcement to meet enterprise requirements.

Infrastructure automation is evolving… and so is Puppet! While Puppet has long been known for its strength in Day 2 operations through agent-based desired state configuration, Puppet also extends across Day 0 and Day 1 tasks. With Puppet Edge, you can target network devices alongside your existing infrastructure, enabling your teams to manage more scenarios, more devices, and more workflows. All from a single platform.

The launch of Puppet Edge this week could not have been more timely. Within a day of its general availability, Cisco disclosed a vulnerability in its IOS and IOS XE software, followed almost immediately by an Event Response detailing two additional critical-severity CVEs affecting its firewalls.

Speed vs security has long been treated as an impossible choice: move fast and risk instability, or stay safe and fall behind. For DevOps, DevSecOps, and Governance, Risk, and Compliance (GRC) leaders, that tension often plays out between the demand to ship updates quickly and the need to maintain airtight security and compliance.

The rate at which vulnerabilities are being exploited is on the rise. The VulnCheck company, which specializes in vulnerability intelligence, found that in Q1 2025, 28.3% of vulnerabilities were exploited within 1 day of CVE disclosure. Keeping your systems up to date is more important than ever. The reality is that many security teams are running scans and then exporting to giant spreadsheets, which are “tossed over the wall” to the Operations team with little context.

The gap between security operations and IT operations poses significant risk. It’s increasingly clear that DevOps leaders, IT managers, and enterprise teams face an uphill battle to manage growing threat complexity, endless patches, and compliance requirements while operating in silos. Bridging this gap is essential to effectively manage risks and enhance operational efficiency.

Since announcing changes to our OSS plans as well as introducing the new licensing starting with PDK 3.5.0, the team has received questions from the community around how the changes will affect them. In this article, we’ll highlight some helpful resources about how you can develop and contribute to modules on the Forge and ensure compatibility with Puppet Core and Puppet Enterprise.