blast radius
23 articles tagged blast-radius.
-
Blast radius in software engineering: what it is, how to measure it, how to contain it
Blast radius is really two measurements — the code radius your tests catch, and the artifact radius that crosses repos. In one org, 147 repos hit one module.
-
What 242 Cloud Posse repos actually depend on
A Riftmap scan of 242 Cloud Posse repos found 147 declaring terraform-null-label, 133 on context.tf line 24, plus what grep, symbol graphs, and catalogs miss.
-
Declared, inferred, registered: the three ways a tool knows a cross-repo dependency exists
Parsed vs inferred is a two-horse race that hides a third runner: registered. How declared, inferred, and registered dependency tools each know an edge exists.
-
How to add a blast-radius gate to your merge pipeline
A pull request to a repository that a hundred others build on should not merge with one approval from a phone. A CI gate that routes review by measured downstream exposure — two HTTP calls, about forty lines, GitLab CI or GitHub Actions, no cloud credentials in the pipeline.
-
Can AI check the blast radius of a PR before you merge?
Yes — but only if a dependency graph exists for it to query. At least three different graphs are being sold under one phrase, and each is blind to a different kind of change. Here's what each one genuinely sees, walked end to end on a real public org.
-
The repo your agent didn't clone is the one it breaks
Coding agents got cross-repo access this year. They still can't see the blast radius of a base-image bump — because that edge was never a function call, and it lives in a repo they never cloned.
-
How to Find Every Consumer of Your Kustomize Base
You own a Kustomize base. Which overlays across your org build on it, at which ref — and what breaks when you change it? Why grep can't tell you, and what can.
-
I counted every cross-repo edge in two real orgs. Not one was a code symbol.
I scanned Prometheus and Cloud Posse and counted every cross-repo edge. Infrastructure runs from 38% to 99.75% of the coupling. Code symbols: zero.
-
What version constraints actually look like across real Terraform estates
A version constraint feels like a fact about what's running. It's a record of what the author allowed. I measured how that plays out across four real Terraform estates.
-
How to Find Every Consumer of Your Ansible Role
Ansible has no lockfile and no reverse lookup: change a shared role and nothing says who breaks. Why finding every consumer is harder than grep.
-
Overmind shows you the blast radius in your running cloud. It can't show you the repos that were building on what you changed.
Overmind reads your live AWS, GCP and Kubernetes state to tell you whether a Terraform apply is safe. Riftmap parses source to tell you which other repositories consume what you are changing. Both call it "blast radius". They are not the same radius.
-
A CVE just hit your base image. Your scanner won't tell you which repos to fix.
A scanner finds the vulnerable base image — not the repos you patch. Why base-image CVE remediation is a cross-repo source problem, and how to get the list.
-
GitLab Orbit maps your whole SDLC. It still can't tell you what an infrastructure change will break.
GitLab Orbit is an excellent symbol-and-SDLC graph. It's also the clearest illustration yet of the one layer that kind of graph can't reach: the infrastructure dependencies running between your repositories.
-
The CRA's 24-hour clock is a cross-repo question. Your SBOM answers a different one.
The CRA's 24-hour reporting clock asks which products ship an exploited component. Your SBOM lists what is inside one artifact. Those are different questions, and the gap between them is a cross-repo IaC dependency graph.
-
Inferred context is not a dependency graph
An enterprise context engine makes your agent generate better code. A parsed dependency graph is the thing you gate a deploy on. Two jobs, two kinds of machinery, and why a confidence score is the wrong guarantee for the second one.
-
Cross-repo context is in product docs. The graph is not.
The vocabulary moved into vendor docs in sixty days. The parser-derived cross-repo dependency graph it describes hasn't shipped in any AI coding product.
-
You don't need a virtual monorepo. You need a graph.
Two patterns for AI coding agent context across repos. One scales by hand, one by construction.
-
AI coding agents need cross-repo context. The teams running them at scale are already building it themselves.
Three teams shipped the same diagnosis in two weeks: AI coding agents need cross-repo context. Two built the dependency graph substrate. One built around it.
-
AI Doesn't Understand Blast Radius: Why Change Failure Rates Are Up 30%
AI coding tools optimise for local correctness, but production breaks at the edges of the cross-repo dependency graph they can't see. A look at the 2025–2026 data — Cortex, DORA, CodeRabbit, and Amazon's own high-blast-radius memo — and what to put between the agent and main.
-
How to Find Every Consumer of Your Terraform Module
When you need to make a breaking change to a shared Terraform module, which repos are affected? Here's why the answer is harder than it should be.
-
How to Find Every Consumer of Your Docker Base Image
When a CVE hits your Docker base image, which repos are affected? Here's why the answer is harder than it should be, and what a real solution requires.
-
The State of Infrastructure Dependency Tooling in 2026
An honest survey of the infrastructure dependency tooling landscape in 2026 — what Backstage, Renovate, HCP Terraform Explorer, Nx, Wiz, and DIY scripts each solve, where they fall short, and the gap that none of them fill.
-
The Infrastructure Dependency Problem No One Has Solved
Why every platform team eventually builds the same brittle script, and why it keeps breaking. A deep look at cross-repo dependency visibility — the infrastructure problem hiding in plain sight.