Company
Date Published
Author
Joe McManus
Word count
1030
Language
English
Hacker News points
None

Summary

On April 26, 2025, Grafana Labs experienced a security incident caused by a vulnerable GitHub Action that allowed unauthorized code execution and exposure of environment variables inside a trusted CI environment. The company has confirmed that no code was modified, no production systems were accessed without authorization, and no customer data was exposed. In response, Grafana Labs has mandated Gato-X for detecting insecure GitHub Actions usage, Zizmor for static analysis of workflow files, and TruffleHog for scanning exposed credentials. The incident prompted a comprehensive review of their systems, which found no integrity or availability impact, and led to improvements in security practices such as compartmentalizing credentials and strengthening alerting. Grafana Labs has publicly shared the incident details and reaffirmed its commitment to transparency and to security improvements intended to prevent similar vulnerabilities.
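The summary names the vulnerability class (a workflow that lets untrusted pull-request content run, or be interpolated, in a context that holds secrets) but not which specific pattern was involved, and it names the tools Grafana Labs now requires without showing what they look for. The following is an added example, written for this page, and is not Grafana Labs' workflow nor code from Gato-X, Zizmor or TruffleHog. It implements a deliberately simplified version of three checks those tools perform on GitHub Actions workflow files: `pull_request_target` combined with a checkout of the PR head, attacker-controlled event fields interpolated into `run:` shell, and actions pinned to a mutable tag instead of a full commit SHA. The two workflow files embedded in the block are constructed for this example; the hardened one uses an all-zero placeholder where a real commit SHA would go.

```python
"""Minimal line-based scanner for common GitHub Actions workflow weaknesses.

Added example for this page; not the code of Gato-X, Zizmor or TruffleHog, and not
Grafana Labs' workflow. Uses only the standard library so it runs without PyYAML.
"""
import re
from dataclasses import dataclass

# Constructed sample: the weak pattern. pull_request_target runs with the base
# repository's secrets, yet checks out and executes code from the PR head, and
# interpolates the attacker-controlled PR title directly into a shell command.
VULNERABLE_WORKFLOW = """\
name: pr-check
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
      - run: echo "PR title: ${{ github.event.pull_request.title }}"
"""

# Constructed sample: the corrected form. Untrusted code runs under the
# unprivileged pull_request trigger with read-only permissions, the action is
# pinned to a commit SHA (placeholder zeros here; pin to the real SHA), and the
# untrusted title reaches the shell only through an environment variable.
HARDENED_WORKFLOW = """\
name: pr-check
on:
  pull_request:
permissions:
  contents: read
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4.x placeholder
      - run: npm install && npm test
      - run: echo "PR title: $PR_TITLE"
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
"""

TRIGGER_RE = re.compile(r"^\s*pull_request_target\s*:")
CHECKOUT_REF_RE = re.compile(r"\bgithub\.event\.pull_request\.head\.(sha|ref)\b")
RUN_RE = re.compile(r"^\s*-?\s*run\s*:\s*(.*)$")
USES_RE = re.compile(r"^\s*-?\s*uses\s*:\s*([^\s#]+)")
SHA_RE = re.compile(r"@[0-9a-f]{40}$")
# Event fields a PR author or commenter controls; interpolating them with
# ${{ }} into a run: step is shell injection before the shell even starts.
INJECT_RE = re.compile(
    r"\$\{\{\s*github\.event\.(pull_request\.(title|body|head\.ref)"
    r"|issue\.(title|body)|comment\.body)\s*\}\}"
)


@dataclass
class Finding:
    rule: str
    line: int
    detail: str


def _run_lines(lines):
    """Yield (lineno, text) for every line that is executed by a run: step,
    including continuation lines of a block scalar (run: | ...)."""
    block_indent = None
    for n, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip())
        if block_indent is not None:
            if line.strip() == "" or indent > block_indent:
                yield n, line
                continue
            block_indent = None
        m = RUN_RE.match(line)
        if m:
            if m.group(1).strip() in ("|", ">", "|-", ">-", "|+", ">+"):
                block_indent = indent
            else:
                yield n, line


def scan_workflow(text: str) -> list[Finding]:
    """Return findings for a single workflow file given as text."""
    lines = text.splitlines()
    findings: list[Finding] = []
    privileged = any(TRIGGER_RE.match(l) for l in lines)
    for n, line in enumerate(lines, 1):
        if privileged and CHECKOUT_REF_RE.search(line):
            findings.append(Finding("pr-target-checkout", n, line.strip()))
        m = USES_RE.match(line)
        # Local (./path) and docker:// references have no tag to pin; skip them.
        if m and "@" in m.group(1) and not SHA_RE.search(m.group(1)):
            findings.append(Finding("unpinned-action", n, m.group(1)))
    for n, line in _run_lines(lines):
        if INJECT_RE.search(line):
            findings.append(Finding("expression-injection", n, line.strip()))
    return findings


if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {name}: {len(scan_workflow(wf))} finding(s)")
        for f in scan_workflow(wf):
            print(f"  {f.rule} (line {f.line}): {f.detail}")
```

Running the block reports three findings for the weak workflow and none for the corrected one. The checks are intentionally coarse (line-based, no YAML parsing, a fixed list of untrusted fields); the real tools handle block scalars, composite actions, reusable workflows and many more rules, which is why the summary describes them as mandatory rather than something a team should reimplement.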