Week 20, year 2025
- Coding Assistants Threaten the Software Supply Chain - We have long recognized that developer environments represent a weak point in the software supply chain. Jim Gumbley and Lilly Ryan explore how agentic coding assistants expand the attack surface of software supply chains and what measures we need to take to safeguard security when using them. [Martin Fowler]
- Building Custom Tooling with LLMs - Tools that treat diagrams as code, such as PlantUML, are invaluable for communicating complex system behavior. But Unmesh Joshi often wished for an extension to walk through these diagrams step-by-step. Yet, extending established tools like PlantUML often involves significant initial setup - parsing hooks, build scripts, viewer code, packaging - enough “plumbing” to deter rapid prototyping. He narrates how he used an LLM to build a small extension adding step-wise playback to PlantUML sequence diagrams. This illustrates how syntax design, parsing, SVG generation, build automation, and an HTML viewer were iteratively developed through a conversation with an LLM - turning tedious tasks into manageable steps. [Martin Fowler]