Cloud Native & Open Source: A Team Lead’s Working Journal 💻

A team lead’s perspective on building and managing modern, open technology.

Hardening ACTUI: Dependabot and OpenSSF Scorecard for a Side Project

The Unexpected Swag from KubeCon EU 2026
KubeCon EU 2026 Amsterdam was a great edition. I walked away with good conversations, new connections, and the usual conference bag full of stickers. But one thing stood out among the swag: six months of GitHub Copilot Pro+, courtesy of GitHub. I’m not going to pretend I wasn’t excited. Copilot Pro+ isn’t cheap, and having it handed to you as conference loot—just because you showed up in the right place, accepting the right invitation—felt like a proper thank-you to the community. GitHub clearly knows its audience. ...

April 2, 2026 · 8 min · 1619 words · Matteo Bisi

KubeCon EU 2026: Community, Connections, and a New Hat

As usual after KubeCon, I went offline for a few days to recharge. After an intense week like that, it’s not optional; it’s survival.
Four in a Row
KubeCon EU 2026 Amsterdam delivered, as it always does. This was my fourth consecutive KubeCon (something that still feels surreal when I think about it). None of this would have been possible without the support of SIGHUP and ReeVo, who have consistently believed in the value of being present and active in this community. Genuine gratitude goes to both of them. ...

March 30, 2026 · 3 min · 492 words · Matteo Bisi

The Trivy Supply Chain Attack: A Breakdown of Credential Theft and the CanisterWorm Escalation

Introduction
Trivy, the widely adopted open-source security scanner from Aqua Security, is a cornerstone of modern CI/CD pipelines and container security. With over 33,000 stars on GitHub as of March 2026, its footprint spans across Docker images, Homebrew, and countless developer machines. This ubiquity, however, made the supply-chain compromise discovered between March 19–21, 2026, particularly devastating. The incident was not a single point of failure but a multi-stage attack involving malicious releases, manipulated GitHub Actions, and a self-propagating worm that leveraged decentralized infrastructure. ...

March 21, 2026 · 4 min · 736 words · Matteo Bisi

Investing in the Future: $12.5 Million to Fortify Open Source Security

In the last few days, we’ve witnessed a significant milestone for the global software ecosystem. A powerhouse coalition of tech leaders (including Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI) has committed $12.5 million in grant funding to advance open-source security. This isn’t just another corporate donation; it’s a strategic investment in the very foundation of modern technology.
Why This Matters Now
Open-source software (OSS) is the bedrock of everything from cloud infrastructure to the apps on your phone. However, as the ecosystem grows, so do the threats. We are currently seeing an “unprecedented influx” of security vulnerabilities, many discovered by automated AI systems. ...

March 20, 2026 · 3 min · 504 words · Matteo Bisi

GitHub Copilot: The High-ROI Multi-Model Powerhouse

Next week, I’ll be in Amsterdam for KubeCon EU 2026 (you can read my preview here), and my journey starts this Monday with the GitHub Social Club: Amsterdam. I was lucky enough to snag an invitation via LinkedIn and jumped at the chance to join. As someone who has used GitHub for years (both for personal projects and corporate needs) I’ve always appreciated the platform’s reliability. However, after a month of putting GitHub Copilot Pro through its paces, I’m genuinely surprised it isn’t even more ubiquitous. If you aren’t a “super heavy” coder but want access to the best tools, this is arguably the highest value-for-money platform in the AI space right now. ...

March 17, 2026 · 4 min · 704 words · Matteo Bisi

August 2026 Countdown: Are Your K8s AI Workloads EU AI Act Ready?

The countdown is on. As of March 2026, we are less than five months away from the full applicability of the EU AI Act (August 2, 2026). For those of us running AI workloads on Kubernetes, whether it’s self-hosted inference engines like vLLM or RAG-based agentic systems, compliance is no longer a legal “later” problem. It’s an engineering “now” problem. Before we dive into the technical implementation, let’s look at the critical roadmap and the cost of getting it wrong: ...

March 16, 2026 · 5 min · 1040 words · Matteo Bisi

The Exploitability Gap: Insights from Datadog’s State of DevSecOps 2026

Intro
We have all been there: a Slack notification triggers an alert for a “Critical” CVE, and the scramble to patch begins. But as our clusters grow, so does the noise. The most jarring security stories are often the ones happening silently inside our own production environments. Datadog recently released its State of DevSecOps 2026 report, and the numbers provide a sobering reality check for anyone managing cloud-native infrastructure. The report reveals that 87% of organizations are currently running at least one known exploitable vulnerability in their deployed services. Even more concerning is that many of these services rely on libraries that have been abandoned by their maintainers. This is not just a theoretical problem; it is based on telemetry from thousands of real-world cloud environments, making the findings impossible to dismiss. ...

March 6, 2026 · 3 min · 626 words · Matteo Bisi

Amsterdam Bound: Gearing Up for KubeCon EU 2026

The countdown to KubeCon + CloudNativeCon Europe 2026 has officially entered its final stage! In just a few weeks, the global cloud-native community will descend upon the RAI Amsterdam (March 23–26), and I couldn’t be more excited. For ReeVo, this is a massive and strategic milestone. We are returning as a proud sponsor, and we are arriving in force. This isn’t just a marketing trip; it’s a mission. ...

March 4, 2026 · 3 min · 535 words · Matteo Bisi

ACTUI Follow-Up: Submenus and Image Management

Quick Follow-Up
After publishing the initial ACTUI article, I kept developing the tool. I started using it regularly and shared it with my team. Some feedback came in, and I naturally improved things during my free time. This is a quick update on what changed.
What Changed
Submenu Structure
The original flat menu worked for a demo but felt cluttered with more features. I restructured the interface into three main sections: ...

February 27, 2026 · 2 min · 355 words · Matteo Bisi

How Distillation Attacks Are Reshaping the Global AI Landscape

Introduction to the AI Frontier
The AI race has largely boiled down to a high-stakes contest between the US and China. On one side, established US companies like Anthropic, OpenAI, Google, and X have continuously pushed the boundaries of frontier AI models. Anthropic, the research lab behind Claude, is best known for its focus on AI safety and its unique ‘constitutional’ approach to alignment. Meanwhile, several Chinese tech firms have been fast-tracking models to compete with the best systems coming out of the US. This competition reached a turning point when Anthropic revealed it had been targeted by industrial-scale ‘distillation attacks’ from three major Chinese AI labs. ...

February 23, 2026 · 3 min · 562 words · Matteo Bisi