Skip to main content

ci-cd

Browse all articles, tutorials, and guides about ci-cd

5posts

Posts

DevOps
|8 min read

Stop Standing Up an S3 Bucket Per Preview Environment

Giving every preview environment isolated file storage usually means provisioning a real bucket per environment: policies, IAM, lifecycle rules, credentials, and a teardown job that leaves orphans anyway. When the bucket rides the database branch, that whole apparatus disappears. Here is the difference, tested.

Security
|8 min read

When the SSH Server Attacks the Client: libssh2 CVE-2026-55200

You spent years hardening sshd. This bug does not care. CVE-2026-55200 is a pre-auth heap overflow in libssh2 where a malicious SSH server takes over the client that connects to it, no credentials needed. And libssh2 is a client library hiding in curl, git tooling, and backup jobs all over your pipeline. Here is the bug, who is actually exposed, and how to find it in your stack.

DevOps
|9 min read

Preview Environments That Include the Backend, Not Just the Frontend

Every PR gets a frontend preview URL. The backend is almost always one shared staging database, so previews quietly lie to you. On Neon a branch is the database, its data, and the functions together, so each PR can get a real isolated backend. Here is the workflow, tested end to end.

DevOps
|9 min read

npm v12 Will Stop Running Install Scripts. We Audited Our Repos to See What Actually Breaks

Starting with npm v12 (estimated July 2026), dependency install scripts will not run unless you allowlist them. We ran the new audit tooling on our own production repos: 65 packages flagged, 4 that matter, and a surprising amount of nothing breaking.

Security
|13 min read

CVE-2026-3854: A Single git push Owned GitHub

A semicolon in a git push option let any authenticated user run code on GitHub.com's backend and on 88% of self-hosted GitHub Enterprise installs. Here is how the bug worked and what to do.