platform engineering
32 articles tagged platform-engineering.
-
What version constraints actually look like across real Terraform estates
A version constraint feels like a fact about what's running. It's a record of what the author allowed. I measured how that plays out across four real Terraform estates.
-
You changed the shared CI template. Half the org got it instantly. The other half will never see it.
A shared CI change is not a release. It is two deployments at once: instant to the pipelines tracking your branch, silent to the ones pinned to a tag. You hold the roster for neither.
-
You deprecated the internal library. The repos still using it never saw the warning.
A deprecation warning only reaches consumers who recompile, and the repos that pinned the old version go quiet. Deprecating an internal library is a census problem.
-
Your senior engineer just left. Your bus factor was measuring the wrong thing.
A senior leaves and the code stays readable. What walks out is the cross-repo dependency map they held in their head — the part your bus factor, measured from commits, never counted.
-
How to Find Every Consumer of Your Internal Python Package
You maintain an internal Python package and a breaking change is coming. Which repos depend on it, at which version — and why pip, PyPI and your private index all answer the wrong question.
-
A CVE just hit your base image. Your scanner won't tell you which repos to fix.
A scanner finds the vulnerable base image — not the repos you patch. Why base-image CVE remediation is a cross-repo source problem, and how to get the list.
-
Your senior engineer just gave notice. Most of what they knew was in the repos all along.
Tribal knowledge is two different things wearing one name. The half everyone panics about losing was declared in your Terraform, your Dockerfiles, and your CI config the whole time.
-
How to Find Every Consumer of Your Internal npm Package
You maintain an internal npm package and a breaking change is coming. Which repos depend on it, at which version — and why npm answers this for public packages but not for your scoped ones.
-
GitLab Orbit maps your whole SDLC. It still can't tell you what an infrastructure change will break.
GitLab Orbit is an excellent symbol-and-SDLC graph. It's also the clearest illustration yet of the one layer that kind of graph can't reach: the infrastructure dependencies running between your repositories.
-
How to Find Every Consumer of Your GitLab CI Template
You maintain a shared GitLab CI template. Which projects include it, at which ref — and what breaks when you merge? Why GitLab can't tell you, and what can.
-
Is Backstage worth it? The real question is whether anyone will use it
The Backstage worth-it debate is always about cost — FTEs, months, TCO. Spotify's own head of Backstage engineering says that's not where it dies.
-
Backstage alternatives in 2026: first ask why you wanted Backstage
Every "Backstage alternatives" roundup lists the same five portals. None of them asks the question that decides which alternative is right: what job sent you looking in the first place?
-
Monorepo vs polyrepo: the debate is measuring the wrong thing
Monorepo vs polyrepo is argued as a code-location debate. The real variable is whether "what depends on this" is queryable — and infrastructure never got a vote.
-
Modeled graphs and parsed graphs: two architectures for cross-repo context in the agentic era
Why Port's Blueprints can model the catalog you describe but not the dependency graph your repos already declare — and why modeled graphs and parsed graphs are different categories.
-
Symbol graphs and artifact graphs: why Sourcegraph stops where infrastructure starts
Why Sourcegraph's symbol graph can't tell you who consumes your Helm chart at v3.2.0 — and why symbol graphs and artifact graphs are different categories.
-
Cross-repo context is in product docs. The graph is not.
The vocabulary moved into vendor docs in sixty days. The parser-derived cross-repo dependency graph it describes hasn't shipped in any AI coding product.
-
What 208 kubernetes-sigs repos actually depend on
I scanned all 208 kubernetes-sigs repos with Riftmap. Here's the cross-repo dependency graph, including the 153 repos that import sigs.k8s.io/yaml.
-
You don't need a virtual monorepo. You need a graph.
Two patterns for AI coding agent context across repos. One scales by hand, one by construction.
-
AI coding agents need cross-repo context. The teams running them at scale are already building it themselves.
Three teams shipped the same diagnosis in two weeks: AI coding agents need cross-repo context. Two built the dependency graph substrate. One built around it.
-
Meta needed 50+ AI agents to map their tribal knowledge. The most durable piece of their stack is the part you can build today.
A close read of Meta's April 2026 tribal knowledge engine, the academic paper they cited, and the architectural argument hidden inside both.
-
The catalog maintenance trap: why service catalogs go stale
Backstage and the developer-portal category solve a real problem. The reason platform teams quietly abandon them is something different, and it points at the shape of what actually works.
-
What 56 Prometheus repos actually depend on
I scanned all 56 repos in the Prometheus org with Riftmap. Here's the cross-repo dependency graph, including the 25 repos that import client_golang.
-
Change failure rate is up 30% — here's how to measure yours in an afternoon
A practitioner's guide to calculating change failure rate for your team without a vendor platform — the DORA formula, the SQL, and the one cut nobody is making yet: AI-assisted PRs vs human-authored.
-
AI Doesn't Understand Blast Radius: Why Change Failure Rates Are Up 30%
AI coding tools optimise for local correctness, but production breaks at the edges of the cross-repo dependency graph they can't see. A look at the 2025–2026 data — Cortex, DORA, CodeRabbit, and Amazon's own high-blast-radius memo — and what to put between the agent and main.
-
How to Find Every Consumer of Your Go Module
You maintain an internal Go module. A breaking API change is coming. Which repos across your org import it — and at which version? Here's why the answer is harder than it should be.
-
How to Find Every Consumer of Your Helm Chart
You maintain a shared Helm chart. A breaking value rename or API version bump is coming. Which deployments across your org depend on it — and at which version? Here's why the answer is harder than it should be.
-
How to Find Every Consumer of Your Reusable GitHub Actions Workflow
You maintain a shared GitHub Actions workflow. You need to rename an input, drop a step, or change a required secret. Which repos across your org call it — and at which ref? Here's why the answer is harder than it should be.
-
How to Find Every Consumer of Your Terraform Module
When you need to make a breaking change to a shared Terraform module, which repos are affected? Here's why the answer is harder than it should be.
-
How to Find Every Consumer of Your Docker Base Image
When a CVE hits your Docker base image, which repos are affected? Here's why the answer is harder than it should be, and what a real solution requires.
-
The State of Infrastructure Dependency Tooling in 2026
An honest survey of the infrastructure dependency tooling landscape in 2026 — what Backstage, Renovate, HCP Terraform Explorer, Nx, Wiz, and DIY scripts each solve, where they fall short, and the gap that none of them fill.
-
Auto-Discovering Infrastructure Dependencies Across 10 Ecosystems
A technical deep-dive into auto-discovering cross-repo dependencies across Terraform, Docker, CI pipelines, Python, Go, npm, Ansible, Helm, Kubernetes, and Kustomize — and why each ecosystem fights back.
-
The Infrastructure Dependency Problem No One Has Solved
Why every platform team eventually builds the same brittle script, and why it keeps breaking. A deep look at cross-repo dependency visibility — the infrastructure problem hiding in plain sight.