terraform
12 articles tagged terraform.
-
Blast radius in software engineering: what it is, how to measure it, how to contain it
Blast radius is really two measurements — the code radius your tests catch, and the artifact radius that crosses repos. In one org, 147 repos hit one module.
-
What 242 Cloud Posse repos actually depend on
A Riftmap scan of 242 Cloud Posse repos found 147 declaring terraform-null-label, 133 on context.tf line 24, plus what grep, symbol graphs, and catalogs miss.
-
Can AI check the blast radius of a PR before you merge?
Yes — but only if a dependency graph exists for it to query. At least three different graphs are being sold under one phrase, and each is blind to a different kind of change. Here's what each one genuinely sees, walked end to end on a real public org.
-
The repo your agent didn't clone is the one it breaks
Coding agents got cross-repo access this year. They still can't see the blast radius of a base-image bump — because that edge was never a function call, and it lives in a repo they never cloned.
-
I counted every cross-repo edge in two real orgs. Not one was a code symbol.
I scanned Prometheus and Cloud Posse and counted every cross-repo edge. Infrastructure runs from 38% to 99.75% of the coupling. Code symbols: zero.
-
What version constraints actually look like across real Terraform estates
A version constraint feels like a fact about what's running. It's a record of what the author allowed. I measured how that plays out across four real Terraform estates.
-
Overmind shows you the blast radius in your running cloud. It can't show you the repos that were building on what you changed.
Overmind reads your live AWS, GCP and Kubernetes state to tell you whether a Terraform apply is safe. Riftmap parses source to tell you which other repositories consume what you are changing. Both call it "blast radius". They are not the same radius.
-
GitLab Orbit maps your whole SDLC. It still can't tell you what an infrastructure change will break.
GitLab Orbit is an excellent symbol-and-SDLC graph. It's also the clearest illustration yet of the one layer that kind of graph can't reach: the infrastructure dependencies running between your repositories.
-
How to Find Every Consumer of Your Terraform Module
When you need to make a breaking change to a shared Terraform module, which repos are affected? Here's why the answer is harder than it should be.
-
The State of Infrastructure Dependency Tooling in 2026
An honest survey of the infrastructure dependency tooling landscape in 2026 — what Backstage, Renovate, HCP Terraform Explorer, Nx, Wiz, and DIY scripts each solve, where they fall short, and the gap that none of them fill.
-
Auto-Discovering Infrastructure Dependencies Across 10 Ecosystems
A technical deep-dive into auto-discovering cross-repo dependencies across Terraform, Docker, CI pipelines, Python, Go, npm, Ansible, Helm, Kubernetes, and Kustomize — and why each ecosystem fights back.
-
The Infrastructure Dependency Problem No One Has Solved
Why every platform team eventually builds the same brittle script, and why it keeps breaking. A deep look at cross-repo dependency visibility — the infrastructure problem hiding in plain sight.