Practical GitHub Repository Hardening for a Hugo Site
This hardening effort was directly triggered by the recent Trivy supply chain compromise, which impacted some repositories in my workplace and prompted a full review of my own repository controls. If you want the incident and response details, these two links are worth reading first:
Incident analysis: Trivy Compromised a Second Time (StepSecurity)
Official disclosure and remediation guidance: Aqua Security discussion #10425
This post is an updated, end-to-end view of the hardening work I applied to this repository. ...

When Your Workplace Controls Your Personal GitHub Repos: Understanding GitHub Org Policies
I was hardening this blog’s GitHub repository as part of a security series — adding CodeQL static analysis, Dependabot, and secret scanning. Everything went smoothly until I tried to run CodeQL in a workflow against my personal, private repository. The workflow ran. The analysis completed. And then it failed with this:
Warning: This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. Code scanning is not enabled for this repository.
The repository settings showed Code Scanning as available. The workflow had security-events: write. The YAML was valid. The workflow was not running from a fork. Nothing obvious was wrong. ...

Prompting Essentials for Software Engineers: 4 Practical Strategies for Better AI Output
In software engineering, your output, the code you write, is only as good as your input: what you have learned, experienced and understood from your conversations with the client. The same is true when working with Large Language Models (LLMs). If you use GenAI tools to complement your expertise in software engineering, here are some strategies you can use to move beyond basic code generation and into collaborative development, or better, pair programming with AI. ...

Start Here to Learn Large Language Models: Best Andrej Karpathy Resources
Large Language Models have evolved over the last decade, but it is not too late to learn and understand them. Let me share some resources I found useful. Andrej Karpathy - Intro to Large Language Models An excellent introduction video recorded by Andrej Karpathy, one of the co-founders of the world’s most notorious AI company, OpenAI, which he left in 2024 to found Eureka Labs. [1hr Talk] Intro to Large Language Models ...

From Concept to Production: Building CalOohPay with AI-Assisted Development
The Beginning: A Problem There was a time when, every month, I spent 10-15 minutes reconciling on-call rotas for payroll - this was just for my teams. As an engineering manager responsible for multiple teams, this task was boring but necessary to compensate my engineers who bore the inconvenience of on-call responsibilities. I’d manually review PagerDuty schedules, count weekday versus weekend hours, apply different compensation rates, and compile everything for payroll processing. The more teams one had, the more time it took away from the already tightly packed schedule of an engineering manager who manages multiple teams. ...

Shift Reliability Left: Use SLOs to Guide Architecture Early
Reliability planning is most effective when it starts during design, not shortly before release. This post focuses on how Service Level Objectives (SLOs) and Service Level Indicators (SLIs) can be used early in the SDLC to guide architecture and delivery choices.
Remind me what they are again
SLI - Service Level Indicator
A quantitative metric for a service’s performance, as experienced by the user of the service. It is a measure of a property of the service that is a good proxy for your user experience. ...

To Code or Not to Code as an Engineering Manager: Making the Right Choice
I used to regularly run the engineering manager Community of Practice at my current workplace. I loved and still love it. But now I barely get time to do anything extra. My hours are so squeezed into a specific slot of time - the time when my toddler is not at home. :D I got asked in the community Slack channel a very important question. One that a lot of engineering managers debate in their heads. Especially if they used to be tech leads and then switched to managing others. They get their joy from helping others develop and also building something that others can use. ...

Transactional Outbox Pattern: A Practical Guide to Trade-offs
In event-driven systems, services often need to update local state and publish an event for other services. Doing these as separate operations introduces a consistency risk known as the Dual Write Problem. The core requirement is simple: the database write and event publication should represent one logical change. If one succeeds and the other fails, downstream systems may observe incomplete state. The Transactional Outbox Pattern is a practical way to address this in many microservice architectures. ...
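As an added illustration of the pattern described above (example code written for this summary, not the post's own code), here is a minimal outbox in Python on SQLite. The state change and the event row are written in one database transaction, so a failed write leaves no orphaned event; a polling relay then publishes unpublished rows and marks them. Because the relay can crash after the broker accepts an event but before the row is marked, delivery is at-least-once, so the consumer deduplicates on the event id. The table names, the in-memory Broker stub and the order data are constructed for the example.

```python
import json
import sqlite3
import uuid


def init_db(conn):
    # Constructed schema: the business table and the outbox live in the same database
    conn.executescript("""
    CREATE TABLE orders (id TEXT PRIMARY KEY, status TEXT NOT NULL);
    CREATE TABLE outbox (
        id TEXT PRIMARY KEY,
        aggregate_id TEXT NOT NULL,
        event_type TEXT NOT NULL,
        payload TEXT NOT NULL,
        published INTEGER NOT NULL DEFAULT 0
    );
    """)


def place_order(conn, order_id):
    # Both inserts run inside one transaction: sqlite3's context manager commits on
    # success and rolls back on any exception, so the outbox row never outlives a
    # failed state change (the dual write problem is avoided at this step).
    event_id = str(uuid.uuid4())
    with conn:
        conn.execute(
            "INSERT INTO outbox (id, aggregate_id, event_type, payload) VALUES (?, ?, ?, ?)",
            (event_id, order_id, "OrderPlaced", json.dumps({"order_id": order_id})),
        )
        conn.execute("INSERT INTO orders (id, status) VALUES (?, ?)", (order_id, "placed"))
    return event_id


class Broker:
    """Constructed stand-in for a message broker; can simulate a lost acknowledgement."""

    def __init__(self, fail_after_deliver=0):
        self.delivered = []
        self._fail_after = fail_after_deliver

    def publish(self, event):
        self.delivered.append(event)  # the broker has the message...
        if self._fail_after > 0:      # ...but the relay never learns it (crash/timeout)
            self._fail_after -= 1
            raise ConnectionError("broker ack lost")


def relay_once(conn, broker):
    # Polling relay: publish each unpublished row in insertion order, then mark it.
    # If publish raises, the row stays unpublished and is retried on the next pass,
    # which is what makes delivery at-least-once rather than exactly-once.
    rows = conn.execute(
        "SELECT id, aggregate_id, event_type, payload FROM outbox "
        "WHERE published = 0 ORDER BY rowid"
    ).fetchall()
    marked = 0
    for event_id, aggregate_id, event_type, payload in rows:
        event = {"id": event_id, "aggregate_id": aggregate_id,
                 "type": event_type, "payload": json.loads(payload)}
        try:
            broker.publish(event)
        except ConnectionError:
            break
        with conn:
            conn.execute("UPDATE outbox SET published = 1 WHERE id = ?", (event_id,))
        marked += 1
    return marked


class IdempotentConsumer:
    """Downstream consumer that tolerates duplicates by remembering event ids."""

    def __init__(self):
        self.seen = set()
        self.applied = []

    def handle(self, event):
        if event["id"] in self.seen:
            return False  # duplicate delivery, skip
        self.seen.add(event["id"])
        self.applied.append(event["type"])
        return True


def demo():
    conn = sqlite3.connect(":memory:")
    init_db(conn)
    place_order(conn, "o-1")
    try:
        place_order(conn, "o-1")  # duplicate key: the whole transaction rolls back
    except sqlite3.IntegrityError:
        pass
    outbox_rows = conn.execute("SELECT COUNT(*) FROM outbox").fetchone()[0]

    broker = Broker(fail_after_deliver=1)
    first = relay_once(conn, broker)   # broker got the event, ack lost: nothing marked
    second = relay_once(conn, broker)  # retry: same event delivered again, now marked
    consumer = IdempotentConsumer()
    applied = sum(consumer.handle(e) for e in broker.delivered)
    return outbox_rows, first, second, len(broker.delivered), applied


if __name__ == "__main__":
    print(demo())  # (1, 0, 1, 2, 1)
```

The trade-off the example makes visible: the outbox removes the dual write risk but shifts the problem to delivery semantics. The broker receives the event twice, so consumers must be idempotent (here, keyed on the event id the producer generated inside the transaction). A polling relay as shown is the simplest publisher; log-tailing (CDC) relays avoid the polling latency but carry the same at-least-once behaviour.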

The Honey Badger Management Framework
Never in my wildest dreams did I think I’d hear of an agile management framework of this name - HoneyBadger. What is HoneyBadger? HoneyBadger is an agile management framework. Now that doesn’t make much sense does it? Don’t we already have plenty of agile management frameworks? Let’s start breaking that down a bit. ...

Moving to AWS Amplify from Azure
In my earlier post, I shared how I clicked a button to migrate Azure CDN to Front Door and then started being charged a lot for hosting a simple blog on Azure. So I decided to end my relationship with Azure and move on to greener pastures with AWS. It was not too much work, so why not. I read about AWS Amplify and saw that it was the perfect solution to my problem. So off I went looking for resources to get on board. ...