#ci-cd
5 articles exploring ci-cd. Expert insights and analysis from our editorial team.
Articles
Bitwarden CLI Compromise Extends the Checkmarx [Supply-Chain Campaign](/articles/vercels-april-2026-database-leak-pivoted-from-lumma-stealer-at-context-ai-via/) to Credential Tooling
A trojanized @bitwarden/cli release spent 93 minutes on npm on April 22. The Checkmarx-themed payload harvested credentials via a preinstall hook, exposing vault session tokens.
GitHub CLI v2.91.0 Turns On Default Telemetry: What gh Collects and How to Opt Out in CI and Agent Pipelines
GitHub CLI v2.91.0 enables pseudonymous telemetry by default, collecting command paths, flags, CI context, and device IDs on 1% of invocations. Teams running gh inside Claude.
MR-Coupler: Automated Metamorphic Test Generation via Functional Coupling Analysis
MR-Coupler uses LLMs to identify functionally coupled method pairs and generate metamorphic test oracles automatically. Accepted to FSE 2026 in March 2026.
TeamPCP Backdoored LiteLLM via a Poisoned CI Scanner: What It Means for Every AI Python Stack
TeamPCP stole LiteLLM's PyPI token through a compromised Trivy GitHub Action, shipping credential-stealing releases to 36% of monitored cloud environments.
[Claude Code in GitHub Actions](/articles/claude-code-vs-cursor-vs-copilot-after-the-april-2026-reshuffle-how/): A Complete Guide to Automated PR Fixes
How to wire Claude Code into GitHub Actions for automated PR fixes, CI failure remediation, and code review — with cost controls and security guardrails.