Operations | Monitoring | ITSM | DevOps | Cloud

Cortex Scorecards + GitHub Rule Sets: Branch Protection at Scale

Stop guessing whether your repos meet your branch policies. Start knowing. In this Feature Friday, Senior Engineering Manager Gabriel walks through Cortex's new native support for GitHub branch rule sets and how to use them in scorecards to enforce consistent policies across all your repos. What you'll see: Questions? Reach out to your CSM or drop a comment below.

Cortex catalog data now flows into Rootly

Incident response is a context problem. The first minutes of any incident are spent reconstructing what the affected service is, what it depends on, and who owns it. That reconstruction happens during the worst possible window. The Cortex catalog already holds this data: services, teams, domains, and the relationships between them, maintained by the engineers who run those systems.

What is an AI software factory?

Ask a software engineer what they do and the answer, for years, has been some version of "I write code." That assumption is unwinding fast. AI agents can now write code, review pull requests, run tests, and ship to production, and they're taking on a fast-growing share of that work. As agents absorb more of the execution, the human role shifts.

How to run an operational excellence review for software engineering

Most engineering organizations already run something they call an operational review. It usually looks like a cousin of the quarterly business review: a deck assembled every few months, walked through team by team, anchored on whatever incidents happened to land in the previous quarter. By the time leadership sees the data, the systems it describes have moved on and the next set of risks is already accumulating in the gap.

Operational excellence (OpEx) reviews: the weekly meeting that actually changes behavior

Cortex co-founder and CTO Ganesh Datta sits down with Shawn Burke, Distinguished Engineer at Cortex, to explore what separates an operational excellence review that drives real engineering behavior from one that produces great conversation and nothing else. Shawn draws on experience from SoFi, Uber, and Microsoft to explain why these reviews so often fail—and how to build a process that actually sticks.

Measuring engineering organizations in the age of AI

Engineering leadership is in the middle of a real transition, and most of the leaders I talk to know it. AI has reshaped how software gets built quickly enough that the operating models many of us spent a decade refining no longer fit cleanly, and there is a great deal of serious work happening across the industry to figure out how these models should evolve. The teams I find most impressive right now are the ones treating their operating model as an open question rather than a settled one.

How to land on the right side of the AI divide

AI changed how code gets written before it changed how code gets operated. Generation accelerated; the downstream controls that turn that output into reliable, secure software at a reasonable cost did not keep pace. The result is elevated risk, distributed unevenly across engineering organizations. A recent survey explains why the distribution is so uneven.

Should platform, SRE, and security merge into one function?

Platform, SRE, and security are three distinct functions in modern engineering orgs, each shaped by a different problem. SRE was the operations function's answer to scale: how to keep systems reliable when the systems get big. Platform answered a different problem: how to let developers ship without becoming infrastructure experts. Security drew the line on what could safely reach production.

Agent governance starts with the service catalog you already run

Last month, an AI agent running inside Cursor wiped PocketOS's entire production database, including its backups, in roughly nine seconds. The agent found an API token in an unrelated file, originally created for managing custom domains, and used that token to execute the deletion. The backups sat inside the same blast radius as the database the agent was operating against. Nine months earlier, a Replit AI agent had done the same thing to a SaaStr database during a designated code freeze.