Like many software teams, here at Kosli we use a continuous delivery approach. This means that every commit to our trunk is automatically built, tested, and deployed to our production-like staging environment. This provides us with the confidence that every build is potentially deployable to production. We use our staging environment to perform final exploratory testing before we deploy to production. Deployments to production are “on-demand”.

With software delivery, speed is everything. But how do you balance rapid delivery with quality, security, and compliance? To answer this question, let’s embark on a journey - one that starts in a software factory to running on the production superhighway.

“What’s really running in prod?” Every engineer will hear these immortal words on a long enough timeline (or career). It might be because a new security zero day was dropped, alerts fired from the depths of a vast microservice architecture, or you might just be looking to know what commit was actually tested. Either way, it often comes with the promise of a stressful day.

We are excited to announce that we will be migrating your Kosli Flows data to Flows with Trails. This transition will unlock access to our latest features, such as the first-class Sonar integration, as well as upcoming ones like environment compliance policies and custom attestation types. Legacy Flows have served us well in the early stages, where they were designed to map the value stream of producing a single software artifact.

The heart of Kosli’s functionality lies in its attest command. Think of it as a digital notary for your CI process. Every time you complete a significant step in your pipeline (e.g., a security scan, a build, a deployment, etc) you use kosli attest to create an immutable record of that event. However, integrating Kosli into your existing CI workflow isn’t always straightforward. You might find yourself grappling with questions like.

We’re thrilled to introduce our latest integration with LaunchDarkly! This powerful combination allows you to keep an immutable record of all changes made to your feature flags using Kosli Trails, ensuring you have the information you need for audits, compliance checks, security investigations, and incident responses.

In today’s fast-paced development landscape, environments are no longer simple or isolated. You’re managing resources that span across development stages, geographies, and technologies. And as those environments grow more complex, so does the need for a more logical and efficient way to manage them.

Static code analysis is an important part of testing your software to ensure it is release-ready. In contrast to dynamic testing, which involves executing your code to find errors, static analysis uses automated tools to “look” through the code, without executing it, to find potential errors (including potential security issues) and bugs. Since the code does not need to be executed, static testing can begin much earlier in development than dynamic testing.

n our previous exploration of The Punchcard Paradigm, we traced the roots of modern compliance practices back to the early days of computing. We saw how the physical constraints of punchcards shaped programming practices and how those practices lingered long after the technology had evolved. Now, let’s dive deeper into why modern compliance is more critical than ever in today’s digital landscape.

Picture a gruff-voiced sergeant from the classic TV series “Dragnet,” but instead of solving crimes, they are navigating the complex world of software delivery. Their catchphrase, “Just the facts” isn’t just a catch phrase – it’s the mantra we need in today’s high-stakes world of DevOps, AppSec and Compliance.