NextLink Labs


04/29/2026

Two problems that eat engineering time every week.

Writing GitLab pipelines from scratch.
Most CI files start from a half-broken template nobody fully trusts — no scanning, no caching, no parallel stages. Rewriting them is fine work, but it's slow and the mistakes don't show up until the first failed run at 2pm on a Tuesday.

Alex Podobnik has been using Claude Code for internal GitLab pipelines and wrote up exactly what that workflow looks like — rootless BuildKit, Trivy scanning with a hard fail on HIGH and CRITICAL, proper layer caching, and a staging tag so vulnerable images never touch the registry. Where Claude Code earns its keep, and where it doesn't.

Importing existing infrastructure into Terraform.
You open the AWS console, find 15 EC2 instances, a dozen S3 buckets, and a VPC with security groups nobody fully understands — all created by hand, none of it in code. The old way: pull the details, write the HCL, run plan, read the diff, fix it, repeat. 15 minutes per resource. 50 resources. Do the math.

With Claude Code running the agentic loop — pulling from AWS CLI, writing HCL, running plan, reading the diff, fixing it — 25 S3 buckets takes 20–30 minutes unattended.

Both pieces just dropped in the NextLink newsletter. Written by engineers, for engineers.

Links in the comments.

04/21/2026

Your software has vulnerabilities. That's not a maybe — it's a mathematical certainty.

The average application has 20–30 open-source dependencies. Each one carries its own history of CVEs, misconfigurations, and undiscovered flaws. Multiply that across every service, library, and infrastructure component in your environment and the attack surface becomes enormous.

Traditional scanning tools catch what they know. They're pattern matchers — great at flagging known signatures, terrible at reasoning about context.

They can't tell you:
→ Is this CVE actually reachable in my application?
→ Does this IAM policy become dangerous in combination with this S3 bucket and this Lambda trigger?
→ Is this business logic flaw even on the map?

That gap between "this vulnerability exists" and "this vulnerability is exploitable in your environment" is where most real risk lives.

It's also where we've integrated Claude into our security assessment workflow.

Not to replace our security engineers. To make them faster, more thorough, and harder to fool. Claude handles the systematic review. Our engineers focus on what actually matters.

Travis Burmaster, Solution Architect at NextLink Labs, wrote up exactly how we structure this — the context engineering, the iterative depth, and what it means for how clients prioritize remediation.

Worth a read if you're responsible for a software portfolio and want to know where your real risks are — not just the ones your current tooling can see.

🔗 Full post in the comments.

01/30/2026

You’ve got a staging environment that only one person knows how to reset.
A CI pipeline that breaks if you name a branch wrong.
A test suite nobody trusts.
And an approval process that depends on Slack pings.

But somehow... releases still happen.
Features still go out.
Teams still push forward.

Until one day, everything hits at once:
- Merge conflicts.
- Failed deploy.
- Hotfix rollback.
- Security flag.

And leadership asks:

“Why aren’t we more efficient?”

Because duct tape feels fast - until you need structure.

At NextLink Labs, we help engineering orgs build real systems:

🔹 CI/CD pipelines that reflect reality, not wishful thinking
🔹 DevSecOps flows that are invisible when they work - and obvious when they don’t
🔹 Infrastructure that scales with confidence, not hope
🔹 Delivery patterns that teams don’t have to work around

📩 If your team is performing in spite of your systems - it’s time to build ones they can actually rely on.
https://buff.ly/xkwXSfQ

Address


2545 Railroad Street Suite 100
Pittsburgh, PA
15222

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm