SShortSingh.
TopTechnologyAI & MLStartupsProgrammingScienceBusinessFinanceCrypto & Web3World
Back to feed
Programming

How One Leaked GitLab Token Led a Team to Embed LLMs in Their CI/CD Pipeline

0
·1 views

A GitLab API token committed to a repository went unnoticed by two experienced engineers for 18 hours before being caught in a routine audit. The incident prompted the team to integrate a large language model into their Jenkins merge-request validation pipeline, where it can now flag embedded secrets, Terraform misconfigurations, and other issues automatically before any human reviewer sees the diff. The LLM is triggered on every merge request via a GitLab webhook, with findings posted as inline comments at specific lines with suggested fixes. The team emphasizes that LLMs work best in CI/CD as a targeted complement to deterministic tools like linters and static analyzers, not as a replacement for them. Based on production experience across 100-plus monthly merge requests, they identified five use cases where LLM integration delivers reliable value in software delivery pipelines.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Developer Shares 100 Python Automation Scripts to Eliminate Repetitive Daily Tasks

A developer has published a collection of 100 Python scripts designed to automate time-consuming manual tasks that drain productivity each day. The scripts are organised into ten thematic groups covering areas such as file management, inbox handling, calendar prep, data cleaning, and system maintenance. Examples include scripts that auto-rename downloads, OCR and index PDFs, mute Slack during focus periods, and prune old Docker images. The guide is aimed at developers who want to replace repetitive micro-tasks with locally run, scheduled automations using tools like cron and systemd. The author advocates for owning automations locally rather than relying on third-party cloud services, framing the approach as compounding time savings over weeks and months.

0 comments Read more at DEV Community
0
ProgrammingDEV Community ·

agentx-mcp Proxy Blocks Destructive AI Agent Calls and Guides Self-Recovery

A new open-source tool called agentx-mcp acts as a lightweight stdio proxy that intercepts every tool call made by AI agents running through MCP servers before execution. The proxy deterministically blocks dangerous operations such as DROP TABLE queries, unscoped deletes, shell teardown commands, and SSRF attempts without requiring an API key or any external service. When a harmful call is blocked, the proxy returns a structured coaching error that describes what was unsafe and suggests a safer alternative, allowing the agent to revise and retry on its own. This self-correction loop means an autonomous agent run can survive a blocked call and still complete its task, rather than failing on a hard error. The tool is installed via pip and configured with a single line change in the mcp.json file, making it compatible with any MCP-speaking client such as Claude Code or Cursor.

0 comments Read more at DEV Community
0
ProgrammingDEV Community ·

Developer launches free browser-based film photo editor after 4 months of solo work

A developer has built and released Polaroma, a free browser-based photo editor that replicates the look of analog film stocks, VHS, Polaroid, and other retro formats. The tool features over 20 hand-crafted presets and full manual controls, with all image processing handled locally in the browser without cloud uploads. The creator spent four months studying real film stock characteristics and translating them into deterministic color math, deliberately avoiding AI-based processing. Preset calibration proved the most time-consuming part of the project, taking longer than anticipated to achieve authentic results. Polaroma is available at polaroma.online, and the developer is seeking feedback from other developers on the rendering and color science approach.

0 comments Read more at DEV Community
0
ProgrammingDEV Community ·

Developer builds self-improving code pipeline using three collaborative AI agents

A developer has created a multi-agent AI pipeline in which one AI agent writes Python code, a second scores it, and a third refines it based on structured feedback — all running in an automated loop. The system uses Anthropic's Claude models, with the generator and refiner powered by claude-opus-4-8 and the scorer using the faster, cheaper claude-haiku model. Code is accepted only when it scores 9.6 or above out of 10, with a maximum of three refinement attempts before the pipeline exits with an error. A key design insight was passing the full history of previous attempts to the scorer to prevent it from penalising changes it had already rewarded in earlier rounds. Once the code clears the threshold, it is written to a temporary file and executed as a child subprocess, completing the automated cycle.

0 comments Read more at DEV Community
How One Leaked GitLab Token Led a Team to Embed LLMs in Their CI/CD Pipeline · ShortSingh