Grafana released critical patches (CVE-2026-27876: RCE via SQL expressions arbitrary file write, CVSS 9.1; CVE-2026-27880: unauthenticated DoS via OpenFeature endpoint, CVSS 7.5) affecting versions 11.6.0+ and 12.1.0+ respectively, with patched versions available across multiple release branches. Grafana Labs Blog ★★★★★ Read article → Original source ↗
Ingress NGINX is reaching end-of-life; the article provides a structured migration path to Kubernetes Gateway API with validation, gradual traffic shifting, and monitoring to prevent production incidents. This is a mandatory infrastructure upgrade for operators currently running Ingress NGINX controllers. Datadog Blog ★★★★★ Read article → Original source ↗
Grafana Cloud Logs implements a 100x fair usage policy allowing queries up to 100 times your monthly ingested log volume at no extra charge; exceeding this triggers overage billing calculated as max(ingested GB, queried GB / 100), with practical monitoring via the Loki query fair usage dashboard and cost optimization strategies focused on efficient query patterns and alerting rule configuration. Grafana Labs Blog ★★★★ Read article → Original source ↗
Continuous profiling with Alloy's eBPF-based CPU profiler and Pyroscope enabled zero-instrumentation identification of performance bottlenecks in TON blockchain validation code, revealing that cryptographic operations (SHA256, Ed25519) and data structure choices (std::map vs std::unordered_set) were primary optimization targets, with concrete examples showing 2-20% speedups from targeted replacements and algorithmic improvements. Grafana Labs Blog ★★★★ Read article → Original source ↗
The article explains how eBPF profilers symbolize Go binaries by mapping raw memory addresses to function names, leveraging Go's embedded .gopclntab section which persists even in stripped binaries—a capability unavailable to most other native languages that require server-side symbolization. Understanding this process is critical for debugging production profiling issues and explains why Go programs produce superior profiling data out-of-the-box. Grafana Labs Blog ★★★★ Read article → Original source ↗
OpenRouter's Broadcast feature automatically sends OpenTelemetry traces to Grafana Cloud for LLM API requests, enabling production observability of token usage, costs, latency profiles, and model behavior without code changes. This addresses the unique monitoring challenges of multi-model LLM applications through infrastructure-layer tracing rather than application-level instrumentation. Grafana Labs Blog ★★★★ Read article → Original source ↗
OpenLIT Operator enables automatic OpenTelemetry instrumentation injection into Kubernetes pods running AI workloads without code changes, allowing zero-code observability for LLMs, agents, and vector databases when integrated with Grafana Cloud. This approach eliminates manual instrumentation maintenance across complex AI microservices while maintaining vendor neutrality through OpenTelemetry standards. Grafana Labs Blog ★★★★ Read article → Original source ↗
OpenLIT SDK provides automatic distributed tracing for AI agents in Grafana Cloud, capturing the full execution path including planning, tool calls, LLM invocations, token usage, and costs—enabling root-cause analysis of non-deterministic agent behavior and cost optimization through unified observability dashboards. The integration requires minimal instrumentation (single init() call) and works across multiple agent frameworks (CrewAI, OpenAI Agents, LangChain, etc.). Grafana Labs Blog ★★★★ Read article → Original source ↗
Index scan performance depends critically on predicate alignment and column ordering; misaligned predicates can cause severe latency even when indexes are present, and this pattern can be detected using database monitoring tools. Datadog Blog ★★★★ Read article → Original source ↗
Platform engineering metrics should focus on measuring software delivery performance impact (deployment frequency, lead time, failure rate, recovery time) rather than vanity metrics like infrastructure utilization or tool adoption rates. Proper metric selection enables data-driven decisions about platform investments and their actual effect on developer productivity and system reliability. Datadog Blog ★★★★ Read article → Original source ↗
Recorded Future threat intelligence can be integrated into Datadog Cloud SIEM to enrich logs with real-time threat data and automatically prioritize security alerts based on external intelligence feeds. This integration enables security teams to correlate internal log events with known threat indicators, reducing alert triage time and improving threat detection accuracy. Datadog Blog ★★★★ Read article → Original source ↗
The article provides a framework for identifying and mitigating CI/CD pipeline vulnerabilities by applying MITRE-style threat modeling to anticipate attack vectors. This approach helps organizations systematically secure their CI/CD infrastructure, which is frequently neglected as a critical security boundary. Datadog Blog ★★★★ Read article → Original source ↗
Apply detection-based threat modeling to GitHub CI/CD by mapping critical inputs, identities, and their associated attack vectors to identify and mitigate security risks in your pipeline. This approach enables proactive threat identification rather than reactive patching. Datadog Blog ★★★★ Read article → Original source ↗
Datadog's correlated APM and Database Monitoring enables decomposition of end-to-end query latency to identify whether bottlenecks exist in application code, network, or database execution. This distinction is critical for accurate performance troubleshooting since total latency often masks where optimization efforts should focus. Datadog Blog ★★★★ Read article → Original source ↗
OBI v0.7.0 enables automatic HTTP header enrichment in spans without application changes, allowing operators to quickly correlate incidents to specific customers or user segments by carrying request context through distributed traces. This reduces incident triage time by moving from generic error signals to precise blast radius identification. OpenTelemetry Blog ★★★★ Read article → Original source ↗
Adobe operates a large-scale OpenTelemetry Collector pipeline with thousands of instances per signal type, managed by a central observability team that coordinates with product-specific teams across a fragmented post-acquisition infrastructure landscape. The deployment prioritizes operational simplicity while handling massive telemetry volume across the organization. OpenTelemetry Blog ★★★★ Read article → Original source ↗
OpenTelemetry Profiles has reached public alpha, establishing a unified industry standard for continuous production profiling alongside traces, metrics, and logs. This enables low-overhead, standardized performance profiling across heterogeneous systems to troubleshoot incidents and optimize resource utilization. OpenTelemetry Blog ★★★★ Read article → Original source ↗
OpenTelemetry is deprecating the Span Event API in favor of log-based events correlated with spans to eliminate API duplication and confusion; existing span event data will continue to work during the transition period. OpenTelemetry Blog ★★★★ Read article → Original source ↗
Kubernetes attributes in OpenTelemetry Semantic Conventions have reached release candidate status, enabling standardized telemetry enrichment across k8sattributes and resourcedetection processors. This stabilization allows users to test the new schema via feature gates before final release, reducing future breaking changes in production observability pipelines. OpenTelemetry Blog ★★★★ Read article → Original source ↗
Envoy's open source engineering practices—including automated deprecation tracking, comprehensive CI/CD with sanitizers and fuzzing, runtime feature guards, and scaled test ownership models—provide concrete, adoptable patterns that reduce maintainer burden and improve backward compatibility across large codebases. The talk distills institutional practices that prevent entropy in 2M+ line projects and are applicable to any CNCF project regardless of size. CNCF Youtube ★★★★ Read article → Original source ↗
André Silva presents a practical blueprint for securing open-source package pipelines using OIDC authentication to eliminate secrets, automated SBOM generation, cryptographic build attestations, dependency automation with bots, vulnerability scanning via CodeQL, and GitHub Actions hardening through hash pinning and permission restrictions. These practices collectively mitigate supply chain attacks, reduce manual error risk, and improve compliance and build integrity verification. CNCF Youtube ★★★★ Read article → Original source ↗
Cluster Autoscaler, a core Kubernetes component for dynamic node provisioning and cost optimization, is undergoing major architectural refactoring to address maintainability issues accumulated over 8 years of evolution while preserving proven design patterns. The talk covers the historical context and detailed plans for these upcoming structural changes. CNCF Youtube ★★★★ Read article → Original source ↗
Loki is introducing a new "Thor" architecture featuring columnar storage, Kafka-based ingestion, and a redesigned query engine to improve performance and high-cardinality data handling at scale. This represents a significant evolution in Loki's logging capabilities for production environments. Grafana Youtube ★★★★ Read article → Original source ↗
Go applications require intentional observability design combining logs, tracing with context propagation, and continuous profiling (pprof/eBPF) from the start; context propagation gotchas and instrumentation decisions between libraries and users are critical implementation considerations. Grafana Youtube ★★★★ Read article → Original source ↗
Grafana Cloud's Private Data Source Connect (PDC) enables secure access to relational databases in private networks via encrypted SSH tunnels, and when combined with Grafana Assistant (an LLM), allows users to generate complex SQL queries and dashboards using natural language prompts without manual SQL expertise. The article demonstrates this with a PostgreSQL example and provides a Terraform blueprint for automated deployment. Grafana Labs Blog ★★★ Read article → Original source ↗
Go observability should start with logs (the simplest entry point), then progress to metrics derived from logs, distributed tracing for multi-service systems, and profiling (pprof) only when you have actual CPU/memory problems—with eBPF providing kernel-level visibility when application instrumentation isn't sufficient. Grafana Labs Blog ★★★ Read article → Original source ↗
This guide demonstrates how to instrument Model Context Protocol (MCP) servers with OpenLIT and monitor them in Grafana Cloud, providing end-to-end tracing and performance metrics to diagnose latency, failures, and resource consumption across AI agent-to-tool interactions. The setup requires minimal code changes (openlit.init() call) and leverages OpenTelemetry for vendor-neutral observability of distributed agentic systems. Grafana Labs Blog ★★★ Read article → Original source ↗
Datadog released an open source AI-powered SAST tool designed to detect code vulnerabilities with improved accuracy and efficiency compared to traditional static analysis approaches. The solution leverages AI to reduce false positives and enhance vulnerability detection coverage. Datadog Blog ★★★ Read article → Original source ↗
This article describes how to instrument Dell Boomi integration flows using OpenTelemetry to export telemetry data to Datadog, enabling correlated visibility across processes, JVM metrics, and database performance. The approach provides a practical method for observing integration platform behavior through standardized telemetry collection. Datadog Blog ★★★ Read article → Original source ↗
NTT DATA demonstrates how to operationalize agentic AI systems by combining Amazon Bedrock AgentCore for workflow execution with Datadog LLM Observability for tracing, evaluation, and continuous improvement of agent behavior. The integration provides end-to-end visibility into agent decision-making and performance metrics critical for production agentic systems. Datadog Blog ★★★ Read article → Original source ↗
Datadog released a Code Security MCP that integrates vulnerability scanning for AI-generated code, secrets detection, and dependency risk assessment directly into development workflows. This enables real-time security scanning at the point of code generation rather than post-deployment. Datadog Blog ★★★ Read article → Original source ↗
Session Replay now supports custom heatmap backgrounds, allowing teams to selectively capture and analyze specific UI states rather than relying on default recording behavior. This provides more granular control over which application states are instrumented for performance and UX analysis. Datadog Blog ★★★ Read article → Original source ↗
AI-powered summaries and automatic chapter segmentation reduce the time needed to extract actionable insights from session replay data by providing at-a-glance context instead of requiring manual review of full recordings. This accelerates the debugging workflow from issue identification to remediation. Datadog Blog ★★★ Read article → Original source ↗
Datadog Database Monitoring now provides aggregated query metrics, query samples, and active query visibility across ClickHouse deployments. This enables performance monitoring and troubleshooting of ClickHouse workloads through a centralized observability platform. Datadog Blog ★★★ Read article → Original source ↗
Datadog Experiments integrates behavioral analytics, performance monitoring, and business metrics into a unified workflow to measure product changes' business impact. This enables faster, more reliable A/B testing by correlating user behavior, system performance, and business outcomes in a single platform. Datadog Blog ★★★ Read article → Original source ↗
Proper JavaScript cache configuration reduces latency and improves Core Web Vitals by optimizing how browsers and CDNs store and serve JavaScript assets. This directly impacts user experience and page load performance metrics. Datadog Blog ★★★ Read article → Original source ↗
Bits AI Dev Agent automatically detects SAST vulnerabilities and generates fixes by opening pull requests, enabling teams to address security backlogs at scale without manual remediation. This reduces the operational burden of vulnerability management but effectiveness depends on fix quality and false positive rates. Datadog Blog ★★★ Read article → Original source ↗
OpenTelemetry.io expanded multilingual documentation support in 2025, establishing localization as a core pillar with increased contributor participation and language coverage. This enables broader adoption of OpenTelemetry instrumentation guidance across non-English speaking communities. OpenTelemetry Blog ★★★ Read article → Original source ↗
OpenTelemetry now has an official Kotlin SDK in active development, enabling standardized observability instrumentation across Kotlin Multiplatform applications spanning Android, JVM, browser, and desktop environments. This addresses a gap in observability tooling for the growing KMP ecosystem. OpenTelemetry Blog ★★★ Read article → Original source ↗
OpenTelemetry contribution success requires understanding ecosystem context and community dynamics beyond initial setup; sustainable engagement depends on navigating the broader project landscape rather than just completing isolated tasks. OpenTelemetry Blog ★★★ Read article → Original source ↗
Mastodon's production OpenTelemetry deployment represents a real-world case study addressing the community's demand for practical implementation examples beyond documentation. The article initiates a series documenting how organizations actually deploy OTel Collectors in production across diverse architectures and scales. OpenTelemetry Blog ★★★ Read article → Original source ↗
SRE Weekly Issue #511 is a curated digest covering incident management principles, major database migrations (Etsy's Vitess sharding), debugging case studies (Kafka consumer failures, OOM loops), and reliability engineering for constrained environments, with a notable Cloudflare outage postmortem highlighting how reliability systems can paradoxically cause incidents. SRE Weekly Blog ★★★ Read article → Original source ↗
This SRE Weekly digest covers practical reliability engineering topics including error budgets for ML systems (which decay gradually rather than fail suddenly), enterprise budget misallocation toward reactive failure response over prevention, and infrastructure automation patterns like database migrations and graceful service restarts. The recurring theme is that SRE tooling and processes must adapt to new workload types and operational realities rather than applying traditional uptime-focused metrics uniformly. SRE Weekly Blog ★★★ Read article → Original source ↗
SRE Weekly #509 curates articles on incident review best practices (emphasizing human engagement over AI automation), reliability debt management, aviation-inspired incident preparedness, AI-generated code governance risks, and status page communication—highlighting that socio-technical processes and clear customer expectation-setting remain critical to production reliability. SRE Weekly Blog ★★★ Read article → Original source ↗
Prometheus has established a dedicated UX Research Working Group to systematically address user experience pain points identified across onboarding, configuration, documentation, and ecosystem interoperability through structured research and design practices. The group offers user research, usability recommendations, and design artifacts to maintainers while soliciting end-user participation to inform product decisions. Prometheus Blog ★★★ Read article → Original source ↗
The CNCF Project Release Guidelines initiative establishes standardized best practices for project releases across versioning, branching, artifacts, security, and governance, enabling projects to understand maturity signals and evolve their release processes from early stages through graduation. The guidelines are exemplified by mature projects like Kubernetes and Helm, providing a reference model for implementation. CNCF Youtube ★★★ Read article → Original source ↗
Prow, the CI/CD orchestration system critical to Kubernetes development, was designed for 2020 requirements but now faces competition from evolved tooling like GitHub merge queues and Actions; the talk examines whether Prow still meets contributor needs or requires modernization to remain relevant through 2030. CNCF Youtube ★★★ Read article → Original source ↗
GitHub Copilot Enterprise offers agentic AI capabilities for open source maintainers beyond basic code completion, including agent mode, coding agents, and custom project instructions via .github/copilot-instructions.md files to enforce project conventions and enable cross-repository workflows. The session provides practical strategies for leveraging these tools while considering security implications for open source projects. CNCF Youtube ★★★ Read article → Original source ↗
CNCF built a shared, on-demand GitHub Actions runner platform on Oracle Cloud infrastructure that scales dynamically, isolates workloads across projects, and optimizes costs for CI/CD across CNCF projects. The talk covers the platform's architecture, operational lessons around cost, security, and workload isolation. CNCF Youtube ★★★ Read article → Original source ↗
AI is transitioning from prompt-driven models to agent-based runtimes for production use, requiring cloud-native distributed inference systems designed with open-source principles rather than vendor lock-in. The CNCF ecosystem must evolve to support AI workloads at scale through community-led infrastructure projects. CNCF Youtube ★★★ Read article → Original source ↗