#gitops-and-rbac

#gitops-and-rbac

The most dangerous assumption in quality engineering right now is that you can validate an autonomous testing agent the same way you validated a deterministic application. When your systems can reason, adapt, and make decisions on their own, that linear validation model collapses.

We restricted API access for build identities as a security improvement but failed to provide an early notice for customers that relied upon this for various automations. We're rolling it back temporarily. The restriction will be re-enforced on April 15, 2026.

S3 Files is built on Amazon EFS and automatically translates file system operations into S3 requests, allowing applications to work with S3 data without code changes.

Over the past decade, software development has been shaped by two closely related transformations. One is the rise of devops and continuous integration and continuous delivery (CI/CD), which brought development and operations teams together around automated, incremental software delivery. The other is the shift from monolithic applications to distributed, cloud-native systems built from microservices and containers, typically managed by orchestration platforms such as Kubernetes.

Almost a quarter of those surveyed said they had experienced a container-related security incident in the past year. The bottleneck is rarely in detecting vulnerabilities, but mainly in what happens next. Weeks or months can pass between the discovery of a problem and the actual implementation of a solution. During that period, applications continued to run with known risks, making organizations vulnerable, reports The Register.

Industry professionals are realizing what's coming next, and it's well captured in a recent LinkedIn thread that says AI is moving on from being just a helper to a full-fledged co-developer - generating code, automating testing, managing whole workflows and even taking charge of every part of the CI/CD pipeline. Put simply, AI is transforming DevOps into a living ecosystem, one driven by close collaboration between human judgment and machine intelligence.

GitHub engineers recently traced user reports of unexpected "Too Many Requests" errors to abuse-mitigation rules that had accidentally remained active long after the incidents that prompted them. According to GitHub, the affected users were not generating high-volume traffic; they were "making a handful of normal requests" that still tripped protections. The investigation found that older incident rules were based on traffic patterns that were strongly associated with abuse at the time, but later began matching some legitimate, logged-out requests.

For years, reliability discussions have focused on uptime and whether a service met its internal SLO. However, as systems become more distributed, reliant on complex internet stacks, and integrated with AI, this binary perspective is no longer sufficient. Reliability now encompasses digital experience, speed, and business impact. For the second year in a row, The SRE Report highlights this shift.

Central to the GA release is Agentic Chat. This functionality builds on the previously introduced Duo Chat but goes a step further by leveraging context from virtually every part of GitLab. Think of issues, merge requests, CI/CD pipelines, and security findings. Agentic Chat can not only advise, but also actually perform actions on behalf of developers, depending on the rights and approvals that have been set.

DBmaestro is a database release automation solution that can blend the database delivery process seamlessly into your current DevOps ecosystem with minimal fuss, and without complex installation or maintenance. Its handy database pipeline builder allows you to package, verify, and deploy, and gives you the ability to pre-run the next release in a provisional environment to detect errors early. You get a zero-friction pipeline, which is often not the case with database delivery process.

Custom agents in GitHub Copilot are tailored versions of the Copilot coding agent that you can define once to follow your own workflows, coding conventions, and tool preferences. They act like specialized teammates that consistently apply your team's standards instead of you repeating the same instructions each time. You configure custom agents using Markdown-based agent profiles that specify prompts, tools, and behaviors.

The Harness Resilience Testing platform extends the scope of the tests provided to include application load and disaster recovery (DR) testing tools that will enable DevOps teams to further streamline workflows.

Blue/green deployments on Amazon Elastic Container Service (Amazon ECS) have long been a go-to pattern for shipping zero-downtime deployments. Historically, the recommended approach in the AWS Cloud Development Kit (AWS CDK) was to wire ECS to AWS CodeDeploy for traffic shifting, lifecycle hooks, and tight integration with AWS CodePipeline. In July 2025, Amazon ECS launched built-in blue/green deployments. This allows you to operate directly within the ECS service, without requiring the use of Amazon CodeDeploy.