Automated scanners hit every IP on the internet in minutes. The question isn't whether you get scanned, it's how much damage a breach can do. Origin discovery is typically the first step in any reconnaissance workflow. GreyNoise's 2025 Mass Internet Exploitation Report found that attackers scan the entire internet because it's quick and cheap to do, then immediately go after whatever's exposed. Tools like masscan can hit every IP address on the internet for a specific open port at ten million packets per second. That's the entire IPv4 address space covered in under six minutes from a single machine. Once...

Early in Suga's development, deployments were synchronous. A user would trigger a deploy from the dashboard, and our API would handle it inline. This works in theory, but in practice, a user can easily just refresh their browser mid-deployment, and all the context would be lost. From their perspective, the deployment would have just stopped. No state, no progress, no way to tell if it had succeeded or was still running somewhere in the background. We needed a proper workflow engine. Something that could maintain execution state independently of the client, survive server restarts, and let a user close their...

The way I build software has changed more in the last year than in the decade before it. Take a decision like whether to process a new order with a background job or a webhook. Before AI tooling, the workflow looked something like this: identify the problem, spend time researching the tradeoffs, check how others had solved it in similar systems, form a plan, write the code, test it locally, then do everything needed to actually ship it. The whole thing, from identifying the problem to having it running in production, might take a couple of days or weeks depending...

March was a big month for Suga, we added custom domains with automatic certificates, wired up GitHub for source-linked builds that redeploy on push, enhanced the template browser, improved environment forking, added a new sidebar, and a bunch of smaller improvements across the board. If there's something you'd like to see next, or something we can do better, come tell us in Discord. Route traffic from your own domains to services running on Suga. Point a subdomain like or an apex domain like at your service, and Suga handles DNS verification and SSL certificates automatically. Read the docs · Changelog....