Alan Shimel

The Shai-Hulud worm hit npm, GitHub, and CI/CD pipelines, exposing critical DevOps supply chain risks. Here’s what it means for pipeline security.

At swampUP 2025 in Napa Valley, JFrog co-founder and CTO Yoav Landman joined Alan to reflect on the company’s latest announcements and the broader At swampUP 2025 in Napa Valley, JFrog co-founder and CTO Yoav Landman joined Alan Shimel to reflect on the company’s latest announcements.

Named after Dune’s legendary sandworms, the Shai-Hulud attack marks the third major NPM incident in recent memory — and one of the most dangerous.Attackers compromised multiple packages, some impersonating CrowdStrike modules, to spread a self-replicating worm aimed at stealing credentials.This incident underscores a growing reality:Software supply chains are a prime target.Trust must be backed by verification.SBOMs, signed publishing, MFA, and audits are becoming baseline requirements.Get the full analysis and expert commentary here 👉 [link]#DevOps #DevSecOps #SupplyChainSecurity

At JFrog’s SwampUP 2025, governance and compliance took center stage—positioning DevGovOps as essential for responsible AI adoption.

The DevOps Dozen 2025 awards are open. Celebrate community leaders and tools shaping DevOps, from AI to Platform engineering and nominate now!

Atlassian’s acquisition of The Browser Company signals the rise of AI-first browsers: A new battleground for DevOps and enterprise workflows.

DevOps has always been more than pipelines, speed, or tools—it’s about people, culture, and shared responsibility.In a heartfelt piece on DevOps.com, we reflect on the influence of John Willis, one of the true pioneers of the movement. From co-creating CAMS (Culture, Automation, Measurement, Sharing) to reminding us that “security is behavior”, John continues to shape how we think about DevOps and DevSecOps.His latest focus on DASP (DevSecOps Automated Security Patterns) is another example of grounding innovation in cultural alignment, not just technology.For many in the community, John is the True North—a compass bringing us back to what matters most.Read the full piece here 👉 [link]#DevOps #DevSecOps #CAMS #DASP #Culture #Leadership #Community #TrueNorth

CISA is sounding the alarm: The U.S. has a national gap in software understanding.But here’s the truth—this isn’t just a federal problem. It’s a DevSecOps problem.You can’t secure what you don’t understand, and you can’t defend what you can’t see.From SBOMs to end-to-end traceability across pipelines, artifacts, and runtime environments, DevSecOps is where this visibility gap can actually be closed. But it won’t happen overnight. It’s a multi-year effort requiring policy, collaboration, and sustained commitment.If we follow through, this won’t just strengthen national security. It will redefine software trust across industries.Full breakdown 👉 [link]#DevSecOps #SoftwareSecurity #SBOM #SupplyChainSecurity #CISA #Cybersecurity #DevOps #SoftwareSupplyChain

Too many tools. Too many claims. Too much noise.That’s been the DevOps story for years — until now.Today, Futurum Signal goes live. Not another quadrant. Not another once-a-year PDF. Futurum Signal is real-time, AI-powered market intelligence built on millions of user reviews, public data, and analyst expertise.Want to know which platforms are truly delivering value vs. just delivering slide decks? Futurum Signal cuts through the noise. [Insert Article Link]Sometimes, you have to stop tinkering and let your creation fly. For Futurum Signal, that moment is today.

Post 1 – Oversight in the Age of Agentic AIAgentic AI is moving fast into the DevOps pipeline — promising to generate, test, deploy, and monitor software at machine speed. But handing over the keys entirely to AI is risky.As DevOps.com highlights, without human oversight, errors, vulnerabilities, and compliance failures could propagate at scale.The takeaway: AI should accelerate delivery, not replace judgment. Humans still play a vital role in steering pipelines with context, accountability, and trust.Read why human-in-the-loop DevOps is essential: devops.com/keeping-humans-in-the-loop-why-human-oversight-still-matters-in-an-ai-driven-devops-future#DevOps #CICD #Automation #AIinDevOpsPost 2 – Collaboration, Not ReplacementAI is fantastic at execution and optimization — but DevOps still needs human context and governance.As explored in DevOps.com, the future isn’t about removing humans from the pipeline. It’s about redefining their role: setting architecture, enforcing compliance, applying ethical