Iac – Carlos Castro

Isis Project (DevOps)

Posted on February 10, 2021August 16, 2024 by ccastro

This post walks you through a fully infrastructure as a code stack, we gonna use few tools to help us to setup the entire environment in Azure. Applications Prometheus Grafana DNS record Tools Kubernetes Cluster (AKS) Terraform Helm First of, we need to create our K8S cluster and to do Continue Reading

How to upgrade the AKS version via CLI

Posted on August 6, 2020August 16, 2024 by ccastro

To upgrade the Azure Kubernetes Service version via command line is easy. Follow these steps below and be happy ???? First you need to login into your Azure account Then select your subscription To see current version: It takes some time, after that you can run again the command to Continue Reading

Azure SNAT Port Exhaustion

Posted on June 30, 2020August 16, 2024 by ccastro

SNAT port exhaustion can be something hard to visualize in Azure portal, first we need to have a standard loadbalancer, the basic one doesn’t have this feature, for who have the basic loadbalncer it’s necessary to call to Microsoft Support and check your number of snat used, which is really Continue Reading

Visual Studio Code

Posted on June 8, 2020October 26, 2020 by ccastro

Hello everyone, I hope you all are doing well. Today I had to search something about Visual Studio Code and then I decided, why not start the blog with some tips about VS Code? VS Code is a powerful IDE to code anything you want in whatever language you like. Continue Reading

‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses January 30, 2026

In the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world embraced a two-part defense strategy. The widely adopted playbook called for disabling lifecycle scripts and using lockfiles. “It became the standard advice everywhere […]

Opsera Report Highlights DevOps Challenges Created by AI Coding Tools January 29, 2026

An analysis published today by Opsera, a provider of a DevOps platform, finds that while adoption of artificial intelligence (AI) coding tools has increased developer productivity they also create more duplicate code, resulting in 15 to 18% more security vulnerabilities per line of code compared to code created by a human developer. Overall, the Opsera […]

AWS CodeBuild Webhook Misconfiguration Exposed Admin Access Risk January 29, 2026

AWS fixed webhook filter misconfigurations in CodeBuild that could have allowed unauthorized repository access. No customer impact or malicious code found.

Open-Source Coding Agents Just Got Accessible January 29, 2026

Ai2’s open-source SERA coding agents slash the cost of training repository-aware AI, enabling teams to customize high-performance coding agents on private codebases for as little as $400.

Why Responsible AI Isn’t Optional in DevOps – It’s the Next Frontier of Ownership January 29, 2026

As AI takes on decision-making roles inside CI/CD pipelines, DevOps teams face a new challenge: Accountability. This article explores why responsible AI governance is now a core DevOps responsibility and a leadership imperative.

Software Supply Chain Threats Are on the OWASP Top Ten—Yet Nothing Will Change Unless We Do January 28, 2026

Software supply chain security is steadily moving to the forefront of cybersecurity conversations. In the past, it has been overshadowed by a focus on malware outbreaks, ransomware, endpoint protection, and application vulnerabilities. That changed this month, when OWASP elevated software supply chain failures to third place on its 2025 Top 10 list. The OWASP Top […]

Apiiro Guardian Agent Prevents AI Models From Generating Insecure Code January 28, 2026

Apiiro launches Guardian Agent, an AI security agent that rewrites prompts in real time to prevent insecure code from ever being generated, reducing vulnerabilities without slowing developers.