|
By Jon Jagger
The kosli attest generic CLI command can attest anything, but unlike a “typed” attestation (such as kosli attest snyk), it does not calculate a true/false compliance value for you. Customers have reported that while a generic “escape hatch” is useful, it nevertheless has some drawbacks: Based on this feedback we’ve implemented a new attest command called kosli attest custom.
|
By Mike Long
We are thrilled to announce that Kosli has joined the Fintech Open Source Foundation (FINOS), a Linux Foundation organization dedicated to fostering collaboration and innovation in financial services technology. Our goal is to engage the community establishing common standards and automation practices for DevOps controls and change management automation.
|
By Jon Jagger
All but one of the kosli attest commands calculate the true/false compliance value for you based on their type. For example, kosli attest snyk can read the sarif output file produced by a snyk scan. The one that doesn’t is kosli attest generic which is “type-less”. It can attest anything, but Kosli cannot calculate a true/false compliance value for you. Often the tool you are using can generate the true/false value, which is then easy to capture.
|
By Jon Jagger
The Kosli CLI provides several attest commands, such as kosli attest snyk, kosli attest jira, etc. These attestations are “typed” - each one knows how to interpret its own particular kind of input. For example, kosli attest snyk interprets the sarif file produced by a snyk container scan to determine the true/false value for that individual attestation.
|
By Steve Tooke
Like many software teams, here at Kosli we use a continuous delivery approach. This means that every commit to our trunk is automatically built, tested, and deployed to our production-like staging environment. This provides us with the confidence that every build is potentially deployable to production. We use our staging environment to perform final exploratory testing before we deploy to production. Deployments to production are “on-demand”.
|
By Billy McGee
With software delivery, speed is everything. But how do you balance rapid delivery with quality, security, and compliance? To answer this question, let’s embark on a journey - one that starts in a software factory to running on the production superhighway.
|
By Mike Long
“What’s really running in prod?” Every engineer will hear these immortal words on a long enough timeline (or career). It might be because a new security zero day was dropped, alerts fired from the depths of a vast microservice architecture, or you might just be looking to know what commit was actually tested. Either way, it often comes with the promise of a stressful day.
|
By Sami Alajrami
We are excited to announce that we will be migrating your Kosli Flows data to Flows with Trails. This transition will unlock access to our latest features, such as the first-class Sonar integration, as well as upcoming ones like environment compliance policies and custom attestation types. Legacy Flows have served us well in the early stages, where they were designed to map the value stream of producing a single software artifact.
|
By Jon Jagger
The heart of Kosli’s functionality lies in its attest command. Think of it as a digital notary for your CI process. Every time you complete a significant step in your pipeline (e.g., a security scan, a build, a deployment, etc) you use kosli attest to create an immutable record of that event. However, integrating Kosli into your existing CI workflow isn’t always straightforward. You might find yourself grappling with questions like.
|
By Jonathan Coull
We’re thrilled to introduce our latest integration with LaunchDarkly! This powerful combination allows you to keep an immutable record of all changes made to your feature flags using Kosli Trails, ensuring you have the information you need for audits, compliance checks, security investigations, and incident responses.
|
By Kosli
In this video, we explore how Kosli’s SDLC Recording can revolutionize your DevOps workflow by automating and streamlining the collection of crucial control evidence. Say goodbye to manual documentation and endless meetings, and hello to full visibility and instant audit trails.
|
By Kosli
Espen Thomassen Sæverud - CTO Stacc & Øyvind Fanebust - Partner - Stacc A snippet from: Help, we’re doing ISO! Why, what, and how? Continuous Compliance Espen & Øyvind have extensive experience in banking and finance with particular expertise in the area of Continuous Compliance. In this talk they will take you on a journey towards ISO certification, discussing challenges and best approaches.
|
By Kosli
Transforming Compliance and Deployment: Innovative Strategies in Tech Alex Kantor speaking at DIGIT-EVENTS, ITSX SUMMIT Talk: Sustaining and Enhancing Service Delivery Amid Change and Disruption.
|
By Kosli
Who likes software audits? nobody! Meetings? bah. Paperwork? oh no, being eaten? Definitely not! Dive into a whimsical re-imagining of the change management process by Alex Kantor. Based on Alex's talk at Exploring DevOps, security, audit compliance event in Oslo. Discover how the people of land of Paymoria made its epic quest as an engineering driven start up by avoiding paperwork, meetings and automated its change management process and discovered that they could ship faster and build more with Kosli!
|
By Kosli
Hey Bill Bensing here, Feild CTO @kosli7786 Here's my latest video on our new feature Evidence Vault and how it helps solve audit and compliance for engineering driven organizations like yours. In this video ill show you how Kosli makes the toil of a software audit a breeze.
|
By Kosli
Espen Thomassen Sæverud - CTO Stacc & Øyvind Fanebust - Partner - Stacc Help, we’re doing ISO! Why, what, and how? Continuous Compliance Espen & Øyvind have extensive experience in banking and finance with particular expertise in the area of Continuous Compliance. In this talk they will take you on a journey towards ISO certification, discussing challenges and best approaches.
|
By Kosli
A new spin on a classic format, a story about how collaboration, communication, and visibility helped a misunderstood Troll to empower a nation. Alex Kantor, Director of Technology at Modulr, will show you how they used Kosli to enable their developers to release directly to production in a financially regulated environment. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
|
By Kosli
Diptesh “Dips” Mishra, CTO for Shoal (a Standard Chartered Venture) will talk about the governance challenges that financial services organisations face when they look to adopt DevSecOps. Dips has worked for Nationwide, Lloyds Banking Group, and RBS and he’ll share key strategies behind successful implementations Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
|
By Kosli
In this talk Mike will discuss the state of regulated DevOps, share the Kosli startup journey, what we’ve learned along the way, and briefly demo how Kosli helps regulated DevOps teams to deliver software with continuous compliance. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
|
By Kosli
With the modern patterns and practices of DevOps and DevSecOps it’s not clear who the front-line owners are anymore. Today, most organizations' internal audit processes have lots of toil and low efficacy. This is something John has referred to in previous presentations as “Security and Compliance Theater.” Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
|
By Kosli
Supply chain Levels for Software Artifacts (SLSA) is a security framework that assists in ensuring the integrity of software artifacts throughout the software supply chain. The Open Source Security Foundation (OpenSSF) introduced SLSA in 2021 to protect software from sources through deployment by helping organizations to counter critical threats. SLSA provides a model for improving supply chain security and integrity, and offers guidance for solving issues related to developer or build systems as exploitable security vectors.
- February 2025 (4)
- November 2024 (3)
- October 2024 (3)
- September 2024 (2)
- August 2024 (3)
- July 2024 (1)
- June 2024 (1)
- May 2024 (2)
- April 2024 (2)
- March 2024 (4)
- January 2024 (6)
- December 2023 (5)
- November 2023 (8)
- October 2023 (8)
- September 2023 (3)
- August 2023 (2)
- July 2023 (1)
- June 2023 (4)
- May 2023 (9)
- April 2023 (7)
- December 2022 (8)
- August 2022 (1)
- March 2022 (1)
Deliver secure software changes at scale and deploy to production with speed and compliance.
Kosli records an easily searchable history of all your changes from commit to production, so you can quickly find the change you need. Move beyond GitOps and understand how your pipelines and environments are really changing.Continuous monitoring in your runtimes and pipelines:
- Release software with continuous compliance and zero day audits: Kosli records changes in your environments and pipelines as they happen. Get compliance status in real time and export all the evidence you need for an audit to CSV.
- Track deployments with full cycle security: Kosli connects what’s running in production with what was qualified in your pipelines. Get alerts for undocumented workloads and any deviations from your security policies.
- Pinpoint the exact change you need when you need it: Kosli gives you a searchable database of every change made to your systems. Get the answer you need by asking better questions in the browser or the command line.
- Real-time observability for devs and engineers: Tired of trying to figure out which change broke everything? Need to know where your commit is? Get the ability to see how your environments and pipelines are actually changing and quickly locate the change you need.
Faster changes. Stronger security. Painless audits.