Granafa: Investigations found that recent security incidents did not affect customers' production systems and operations.

CoinFeed reported on May 20th that Grafana, an open-source data visualization tool, released an update on its investigation into the May 16th security incident. The investigation found that the incident was limited to Grafana Labs' GitHub environment, including public and private source code and internal GitHub repositories, and did not affect customer production systems, operations, or the Grafana Cloud platform. The downloaded content, in addition to source code, included repositories used by some teams for collaboration and storing internal operational information and business details, involving business contact names and email addresses, rather than data from production systems or the cloud platform. Grafana Labs explicitly stated that the codebase was downloaded but not tampered with, and customers and open-source users do not need to take any action at this time. This incident stemmed from a TanStack npm supply chain attack carried out through the Mini Shai-Hulud campaign.