Welcome to the twenty-sixth edition of Platform Engineering Monthly. As always, if you have any suggestions or ideas for the next edition, let me know!

📰 News

Traditional Code Review Is Dead. What Comes Next?

I’m starting to see the cracks in traditional code review myself, particularly with the rise of AI-driven accounts opening thousands of PRs across hundreds of repos. It’s creating real review fatigue and contributing to open source burnout.

Caught in the Middle: The New Role of Platform Teams

Platform engineering is growing beyond its “making things faster” phase and taking on more responsibility across security, compliance, and FinOps. This is why platforms need to support contributions from multiple teams, with platform engineers acting as stewards rather than owning everything directly.

AWS European Sovereign Cloud

More a case of when than if. AWS has finally launched a Sovereign Cloud offering in Europe. The open question is whether it is legally siloed enough to avoid being affected by US policy.

Are your CI/CD pipelines accidentally increasing technical debt?

CI/CD configuration has always felt like a fragmented mess that is guaranteed to drift and cause constant headaches. It’s why tools like Dagger are doing so well: this complexity needs to be contained in real code, not YAML.

Developers are gaming their GitHub profiles

This feels like the flip side of the same problem showing up in code review. Beyond padding commit graphs, I’m seeing AI-driven accounts submitting thousands of low-value PRs across hundreds of repos, seemingly to manufacture reputation as quickly as possible.

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

Another reminder to always avoid web-based tools for handling sensitive data when the same tasks can easily be done using offline tools or the CLI.

🦮 Learning

Organizing and tracking costs using AWS cost allocation tags

The best time to add cost allocation tags is when you first open your AWS account. The second best time is now.

A Brief Deep-Dive into Attacking and Defending Kubernetes

A really interesting read on how to think about Kubernetes security, particularly from the attacker’s perspective. Worth reading if you work with Kubernetes, just to better understand how to reason about cluster security.

Build Centralized Alerting across your organization with CloudWatch, EventBridge, Lambda, and CDK

A nice, lightweight end-to-end example of how to approach observability in AWS.

Mastering Docker on Windows

Not sponsored, just a book I was asked to recommend.

📁 Interesting Projects

aws-doctor

A tool to help you understand where the money is going and whether you’re spending efficiently.

Tailsnitch

A security auditor for Tailscale configurations.

📅 Events

DX Annual 2026

San Francisco — 16th April 2026
DX is hosting a new conference for Platform Engineering leaders.

KubeCon + CloudNativeCon Europe 2026

Paris — 23rd - 26th March 2026
The big one. Expect heavy focus on platform engineering, internal developer platforms, security, and multi-cluster operations.

PlatformCon Online

Online — 22nd - 26th June 2026
A good signal for where platform engineering thinking is heading without the travel overhead.

Have platform engineering tips to share? Reply to this email or connect with me on LinkedIn.