
Amazon S3 Files, Malicious npm Plugins, Trivy Fallout, and Kubernetes’ Gateway Shift
From Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News by Teller's Tech - DevOps, SRE and Cloud Podcast
April 10, 2026 · 15 min · Episode 32
About this episode
This episode discusses the evolution of Amazon S3 Files, malicious npm plugins, the Trivy fallout, and Kubernetes' shift towards Gateway API.
This episode of Ship It Weekly is about the interface layer becoming the story. Brian covers Amazon S3 Files and why it feels more like a managed filesystem layer in front of S3 than “S3 is EFS now,” including how it relates to the old s3fs and FUSE-style approach. He also digs into 36 malicious npm packages posing as Strapi plugins, the uglier follow-on to the Trivy incident he discussed previously, Kubernetes Ingress2Gateway 1.0 and the push toward Gateway API, and Kubernetes Agent Sandbox as a sign that newer AI-style workloads are starting to reshape the platform itself. Links Amazon S3 Files https://aws.amazon.com/blogs/aws/launching-s3-files-making-s3-buckets-accessible-as-file-systems/ Malicious npm packages posing as Strapi plugins https://thehackernews.com/2026/04/36-malicious-npm-packages-exploited.html Trivy follow-on incident discussion https://github.com/aquasecurity/trivy/discussions/10425 RoseSecurity on Trivy / typosquatting angle https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html Earlier episode covering the first Trivy incident…
People in this episode
Host: Brian
Topics covered
- Amazon S3 Files
- malicious npm packages
- Trivy incident
- Kubernetes Ingress2Gateway
- Gateway API
- Kubernetes Agent Sandbox
Keywords
- Amazon S3
- npm
- malicious packages
- Trivy
- Kubernetes
- Gateway API
- Agent Sandbox
Mentioned in this episode
Organizations: Amazon S3, npm, Strapi, Trivy, Kubernetes, RoseSecurity
Products: Kubernetes Agent Sandbox
More episodes of Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News
- Coinbase Outage, Meta AI Account Recovery, AWS AgentCore Code Injection, Apigee Tenant Isolation, and the Glue That Breaks Production · June 12, 2026 · 23 min
- Kiro CLI Approval Bypass, Amazon Braket Pickle Risk, AWS Org Logging, KEDA Upgrades, and Automation’s Hidden Boundaries · June 5, 2026 · 20 min
- GitHub Supply Chain Attacks, Railway’s GCP Outage, Discord’s Voice Failure, AWS Retry Changes, and Trusted Tool Risk · May 29, 2026 · 24 min
- Ship It Conversations: Jake Warner on Cycle.io, Bare Metal’s Comeback, and Why Private Cloud Is Getting Interesting Again · May 26, 2026 · 36 min
- CISA’s GitHub Leak, AI Root Cause Analysis, Copilot Agents, Claude Code in CI/CD, and Kubernetes Seccomp Risk · May 22, 2026 · 22 min
- AI Agents Get API Access and Identity: GitHub Copilot Cloud Agents, MCP Auth, Ansible Automation, OpenAI Daybreak, and the New Production Risk · May 14, 2026 · 23 min
Explore listener stats, chart rankings, contacts and more on the Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News podcast page.