
Posts by Ortelius Open Source Vulnerability Management Project

Continuous Spotlight | Jing Chen - CD Foundation Meet Jing Chen, a member of our awesome Continuous Delivery Community and the Ortelius project.

The Ortelius Team is tremendously honored to have Jing Chen as a part of our team. She is an amazing technologist and OS contributor. @cdeliveryfdn.bsky.social https://cstu.io/1bea88

6 hours ago 0 0 0 0
2026 BlogAThon 2026 BlogAThon

The 2026 Ortelius BlogAThon has officially started. Whether you’re just starting out or you’ve been in the trenches of #softwaresupplychainsecurity, we want to hear your voice. Submit a blog between April 1st and July 1st to earn a badge. Learn more at: https://cstu.io/814c6b

1 week ago 0 0 0 0
Why Jenkins Users Need Post-Deployment Vulnerability Detection and Remediation - CD Foundation Jenkins is great, but with Ortelius, it's that much better. Find out why.

Hey Jenkins project - here is how to add post-deployment #CVE detection into your Jenkins pipeline - using a digital twin. Easy adoption, big visibility, fast remediation. https://cstu.io/dc2144

1 week ago 0 0 0 0
Terraform Cloud Drift Detection: How It Works & Setup Learn what Terraform drift is, how Terraform Cloud detects drift, how to enable it, and what to do when drift is found.

Hey #PlatformEngineers, learn about #Terraform Cloud Drift Detection. https://cstu.io/0e3912

2 weeks ago 0 0 0 0
2026 BlogAThon 2026 BlogAThon

The 2026 Ortelius BlogAThon has officially started. Whether you’re just starting out or you’ve been in the trenches of #softwaresupplychainsecurity, we want to hear your voice. Submit a blog between April 1st and July 1st to earn a badge. Learn more at: https://cstu.io/814c6b

2 weeks ago 0 0 0 0

The Continuous Delivery Foundation Awards are open - Nominate or self-nominate in general CDF categories, and for each project. @cdeliveryfdn.bsky.social Learn more at https://cstu.io/3cf10f

2 weeks ago 0 0 0 0
2026 BlogAThon 2026 BlogAThon

It is here - the Ortelius Annual Blog-A-Thon - from April through June, submit a blog and it will be considered for a #SecureChainCon talk in late June. https://cstu.io/ab5876

3 weeks ago 0 0 0 0

Need to simplify your #MCP server configuration? Check out #MCPConfigManager - a brilliant tool created by the amazing Brian Dawson: https://cstu.io/b17963

3 weeks ago 0 0 0 0

Another supply chain hack to be aware of - Axios gets hit with a compromised #npm account. thehackernews.com/2026/03/axios-supply-cha...

3 weeks ago 0 0 0 0
2026 BlogAThon 2026 BlogAThon

The 2026 Ortelius BlogAThon has officially started. Whether you’re just starting out or you’ve been in the trenches of #softwaresupplychainsecurity, we want to hear your voice. Submit a blog between April 1st and July 1st to earn a badge. Learn more at: https://cstu.io/814c6b

3 weeks ago 0 0 0 0
2026 BlogAThon 2026 BlogAThon

It is here - the Ortelius Annual Blog-A-Thon - from April through June, submit a blog and it will be considered for a #SecureChainCon talk in late June. https://cstu.io/ab5876

3 weeks ago 0 0 0 0

The Continuous Delivery Foundation Awards are open - Nominate or self-nominate in general CDF categories, and for each project. @cdeliveryfdn.bsky.social Learn more at https://cstu.io/3cf10f

4 weeks ago 0 0 0 0
The Tensor in the Haystack: Weightsquatting as a Supply-Chain Risk By Javier Medina ( X / LinkedIn) TL;DR Weightsquatting is artifact-level manipulation of model weights to bias dependency selection toward attacker-chosen targets during development …

A new type of 'squatting' hitting the supply chain. https://cstu.io/51dcd2

4 weeks ago 0 0 0 0
Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.

The Polyfill Supply Chain Attack - hit 100K sites. Learn how. https://cstu.io/d96a90

1 month ago 0 0 0 0
Why Jenkins Users Need Post-Deployment Vulnerability Detection and Remediation - CD Foundation Jenkins is great, but with Ortelius, it's that much better. Find out why.

Hey Jenkins project - here is how to add post-deployment #CVE detection into your Jenkins pipeline - using a digital twin. Easy adoption, big visibility, fast remediation. https://cstu.io/dc2144

1 month ago 0 0 0 0
2026 BlogAThon 2026 BlogAThon

The 2026 Ortelius BlogAThon has officially started. Whether you’re just starting out or you’ve been in the trenches of #softwaresupplychainsecurity, we want to hear your voice. Submit a blog between April 1st and July 1st to earn a badge. Learn more at: https://cstu.io/814c6b

1 month ago 0 0 0 0

The Continuous Delivery Foundation Awards are open - Nominate or self-nominate in general CDF categories, and for each project. @cdeliveryfdn.bsky.social Learn more at https://cstu.io/479549

1 month ago 0 1 0 0
New PhantomRaven NPM attack wave steals dev data via 88 packages New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

New PhantomRaven NPM attack - https://cstu.io/4087f7

1 month ago 0 0 0 0

The CDF Awards are open - Nominate or self-nominate in general CDF categories, and for each project. @cdeliveryfdn.bsky.social Learn more at https://cstu.io/479549

1 month ago 0 0 0 0

Need to simplify your #MCP server configuration? Check out #MCPConfigManager - a brilliant tool created by the amazing Brian Dawson: https://cstu.io/b17963

1 month ago 0 0 0 0
hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity A week-long automated attack campaign targeted CI/CD pipelines across major open source repositories, achieving remote code execution in at least 4 out of 5 targets. The attacker, an autonomous bot called hackerbot-claw, used 5 different ex...

Check your repos! @openssf published their first security alert, and it is big. hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity https://share.google/nTL8rigasYgm2FA2b

1 month ago 0 0 0 0
Why Jenkins Users Need Post-Deployment Vulnerability Detection and Remediation - CD Foundation Jenkins is great, but with Ortelius, it's that much better. Find out why.

Hey Jenkins project - here is how to add post-deployment #CVE detection into your Jenkins pipeline - using a digital twin. Easy adoption, big visibility, fast remediation. https://cstu.io/dc2144

1 month ago 0 0 0 0
2026 BlogAThon 2026 BlogAThon

The 2026 Ortelius BlogAThon has officially started. Whether you’re just starting out or you’ve been in the trenches of #softwaresupplychainsecurity, we want to hear your voice. Submit a blog between April 1st and July 1st to earn a badge. Learn more at: https://cstu.io/814c6b

1 month ago 0 0 0 0

Need to simplify your #MCP server configuration? Check out #MCPConfigManager - a brilliant tool created by the amazing Brian Dawson: https://cstu.io/b17963

1 month ago 0 0 0 0

Did you miss the Ortelius Outreach call this week? No problem - we recorded it. @cdeliveryfdn.bsky.social https://youtu.be/BqJj5mwpUvE?si=TM9uOaHBld2w2haT

1 month ago 0 0 0 0
Why Jenkins Users Need Post-Deployment Vulnerability Detection and Remediation - CD Foundation Jenkins is great, but with Ortelius, it's that much better. Find out why.

Hey Jenkins project - here is how to add post-deployment #CVE detection into your Jenkins pipeline - using a digital twin. Easy adoption, big visibility, fast remediation. https://cstu.io/dc2144

2 months ago 0 0 0 0
Announcing new course: GitOps for Platform Engineering Bridge the gap between GitOps 101 and enterprise reality. Learn multi-cluster, policy-driven GitOps for Platform Engineering from expert Artem Lajko

Want to learn more about Platform Engineering and #GitOps? Here is a new course just for you. https://cstu.io/9fcbaf

2 months ago 0 0 0 0
Five key recommendations for platform teams in 2026 Five actionable recommendations for platform teams in 2026 to maximize ROI, drive adoption, integrate AI, and build effective, scalable platform strategies

On the topic of #platformengineering - some solid recommendations from the Platform Engineering Foundation platformengineering.org/blog/five-key-recommenda...

2 months ago 0 0 0 0

Need to simplify your #MCP server configuration? Check out #MCPConfigManager - a brilliant tool created by the amazing Brian Dawson: https://cstu.io/b17963

2 months ago 0 0 0 0
Kubernetes Rolling Updates for Reliable Deployments Learn how the Kubernetes rolling update strategy works, how to use it safely, and see an example deployment.

As the team explores how to track what is running on endpoints, the use of the Kubernetes log file for tracking deployment becomes clearer - particularly when managing blue/green deployments and rolling updates. Learn more at https://cstu.io/dc0c13

2 months ago 1 0 0 0