Digest #210: Claude Code Security Bypass, prt-scan Supply Chain Attack, Duolingo EKS Migration and Cloudflare Artifacts
Claude Code security bypass, GitHub Actions supply chain attack, Duolingo's EKS migration, Cloudflare Artifacts for agents, MCP on ECS, and 8 open source DevOps tools.
IaCConf 2026 is back on May 14, free and virtual. Corey Quinn is keynoting on AI writing Terraform code, and if that’s part of your stack, it’s worth the two hours.
Wiz traced a GitHub Actions supply chain campaign to six accounts pushing AI-generated malicious packages under the prt-scan name. A researcher also found that Claude Code’s deny rules are silently bypassed when the token cost of running security checks gets too high. Cloudflare shipped Artifacts, versioned storage that speaks Git and targets agent workflows, and Duolingo walked through migrating 500+ backend services from ECS to EKS with Argo CD and IPv6-only pod networking.
On the tutorial side: Grafana’s Kubernetes monitoring Helm chart v4, deploying MCP servers on Amazon ECS, how Slack manages context in long-running agentic applications, Cloudflare’s reference architecture for safer enterprise MCP deployments, and a straight question: do you even need a database?
Open source this week includes codeburn, a terminal dashboard tracking AI coding token costs across Claude Code, Codex, Cursor, and Copilot; tigerfs, for mounting PostgreSQL as a filesystem you can browse with ls and cat; mergetopus, for parallelizing large Git merges across multiple developers; and aimock, a single-package mock for LLM APIs, MCP, vector DBs, and search.
Join the IaCConf 2026 Keynote: “AI Speaks Terraform Like a Tourist”
Nobody calls out cloud infrastructure nonsense quite like Corey Quinn. If your team is using AI to write infrastructure code, you NEED to come hear this. Join us for his keynote at the free virtual conference built for engineers who manage infrastructure at scale. Grab your free spot.
Projects of the week
pompelmi is a minimal Node.js wrapper around ClamAV that scans any file for malware.
hiraeth is a local AWS emulator built for fast SQS integration testing, with SQLite state persistence and a built-in web debugging interface.
codeburn is a terminal UI dashboard that tracks AI coding token usage and costs across Claude Code, Codex, Cursor, and GitHub Copilot.
mergetopus is a tool that untangles complex Git merges by splitting conflicted files into parallel slice branches, letting multiple developers resolve different conflicts at the same time.
tigerfs is a Go filesystem interface backed by PostgreSQL that lets you mount a database and browse it with standard Unix tools.
osv.dev is Google’s open source vulnerability database and triage service, tracking vulnerabilities across multiple package ecosystems.