InfoQ Homepage DevOps Content on InfoQ
-
AWS Introduces Exportable Public SSL/TLS Certificates
AWS has recently announced exportable public SSL/TLS certificates from AWS Certificate Manager, addressing a long-standing community request and allowing users to export certificates with their private keys for use beyond managed services on AWS.
-
New Crypto-Jacking Attacks Target DevOps and AI Infrastructure
Security researchers at Wiz have uncovered a sophisticated crypto-jacking attack targeting publically accessible API servers for several popular DevOps tools. Similarly, researchers at Sysdig have uncovered an attack on the popular AI tool Open WebUI using many of the same techniques and crypto-miners.
-
AWS Introduces Extended Threat Detection for EKS via GuardDuty
AWS has expanded GuardDuty’s threat detection capabilities on EKS clusters, introducing new runtime monitoring features that use a managed eBPF agent to detect container-level threats.
-
CNCF Graduates in‑toto, Bolstering Software Supply Chain Security
On April 23, 2025, the Cloud Native Computing Foundation (CNCF) announced the graduation of in‑toto, a framework designed to enforce supply chain integrity by ensuring that every step in the software development lifecycle, such as building, signing, and deployment, is properly authorized and verifiable.
-
Microsoft Azure Enhances Observability with OpenTelemetry Support for Logic Apps and Functions
Microsoft has expanded OpenTelemetry support in Azure Logic Apps and Functions, enhancing observability and interoperability across platforms. This open-source framework enables seamless data generation and correlation, enhancing diagnostics beyond standard telemetry. With streamlined configuration and integration, Azure's offerings aim for standardized observability across cloud services.
-
AWS Shield Network Security Director: Network Topology Visibility and Remediation Guidance
Introducing AWS Shield Network Security Director: a game-changer in DDoS protection and network security visibility. This innovative feature automates resource discovery, evaluates configurations against best practices, and prioritizes security findings. With actionable remediation steps and natural language queries via Amazon Q Developer, organizations can enhance their security posture.
-
Docker Launches Hardened Base Images
Docker has launched its Docker Hardened Images (DHI), a security-focused range of base images that reduce vulnerabilities by up to 95%. Built using a distroless approach, these minimal images eliminate unnecessary components, offering automatic patching and compatibility with existing Dockerfiles. Ideal for regulated environments, DHI enhances software supply chain security and transparency.
-
Innovation Sandbox on AWS: Provisioning and Managing Temporary Environments
AWS has recently introduced Innovation Sandbox on AWS, a new open source solution for managing AWS sandbox environments through a web user interface. This solution enables developers to provision and manage secure, cost-effective, and recyclable temporary sandbox environments.
-
AWS Open-Sources Smithy API Models for Public Access and Developer Tooling
AWS has unveiled public access to its comprehensive API models, delivering daily updates and open-source resources via GitHub. By utilizing Smithy, AWS aims to empower developers to build custom SDK clients, server stubs, and innovative tools, enhancing integration and understanding of AWS APIs. Explore the potential of API development with these powerful new tools!
-
GitHub CLI Enhances Support for Triangular Workflows
In April 2025, GitHub announced an update to its Command Line Interface (CLI), introducing enhanced support for triangular workflows - a common pattern among open-source contributors who work with forked repositories.
-
AWS CDK Toolkit Library Now GA for Automated Infrastructure Management
AWS has recently announced the general availability of the CDK Toolkit Library. This new Node.js library allows developers to programmatically control the CDK to build additional automation around the CDK, exposing classes and methods to synthesize, deploy, and destroy stacks, among other capabilities.
-
Amazon API Gateway Adds Dynamic Routing Based on Headers and Paths
AWS's new dynamic routing rules for Amazon API Gateway empower developers to streamline API traffic management by routing requests based on HTTP headers without complex URL structures. This innovative feature simplifies API versioning, enables fine-grained control, enhances A/B testing, and improves request visibility, making API configurations more efficient and user-friendly.
-
AWS CodeBuild Introduces Docker Server Capability to Accelerate CI/CD Pipelines
On May 15, 2025, AWS announced a significant enhancement to its CodeBuild service: the Docker Server capability. This new feature allows developers to provision a dedicated and persistent Docker server within their CodeBuild projects, aiming to streamline and expedite the Docker image build process.
-
GitHub Unveils Prototype AI Agent for Autonomous Bug Fixing
GitHub unveils a groundbreaking AI coding agent that autonomously identifies bugs and proposes fixes via pull requests, marking a shift towards independent code maintenance. Leveraging advanced semantic analysis and vulnerability libraries, this tool aims to alleviate developers' workload, allowing them to prioritize complex problem-solving.
-
AWS Unveils Independent European Governance and Operations for European Sovereign Cloud
AWS unveils its European Sovereign Cloud, launching in Brandenburg, Germany, by 2025, with strict EU governance and a focus on digital sovereignty. This initiative features an EU-controlled parent company, dedicated Security Operations Center, and customer data residing exclusively in the EU, ensuring compliance and operational autonomy while leveraging AWS's innovative cloud services.