Oslo, Norway
Sep 27, 2023   |  By Erik Burger
Backstage is a platform for building developer portals. Originally developed internally at Spotify, it’s now open source and available through GitHub. Backstage allows DevOps teams to create a single-source, centralized web application for sharing and finding software (through the software catalog feature), as well as templates and documentation.
Sep 1, 2023   |  By Mike Long
If you’re delivering software in a regulated environment, or deploying to a critical application or device, ensuring the security of your software code and dependencies is essential. One of the most popular tools for achieving this is Snyk, which gives developers the ability to find and fix vulnerabilities as part of their development workflow.
Aug 8, 2023   |  By Bruce Johnston
Have you ever needed to provide proof that a critical business process actually took place? It’s a painful process involving all kinds of paperwork, but it’s the reality for many organizations working in highly regulated industries. For these companies, records need to be kept for actions like the provisioning of user accounts and access to sensitive records. It’s necessary, but it’s manual and time-consuming work.
Aug 8, 2023   |  By Mike Long
In this short blog, you will learn how to set up Kosli Notifications so your whole team can stay on top of environment changes and compliance events in real time. 🚀 In fast-paced technology landscapes, understanding how systems are changing is crucial. Developers, DevOps/Platform/SRE teams, security personnel, and management all need this information to manage operational risk, resolve incidents, and just for basic communication with each other.
Jul 3, 2023   |  By Jon Jagger
In this post you’ll learn how Kosli’s Change Forensics gives DevOps, Platform, and Site Reliability Engineers the ability to rapidly pinpoint and understand changes and events in their infrastructure and applications, and get to the cause(s) of an incident quickly.
Jun 27, 2023   |  By Mike Long
In an ideal world CI pipelines would never fail and deployments would be easy to navigate. The reality is that the journey from commit to production can fail in subtle ways that can be hard to understand. And this problem is multiplied by the number of pipelines in your system.
Jun 15, 2023   |  By Deboshree Banerjee
In an increasingly interconnected and data-driven world, where information shapes decisions and fuels innovation, the integrity of data has become paramount. However, lurking beneath the surface is a silent threat that can undermine trust, compromise systems, and wreak havoc on organizations: data tampering. In this post, we delve into the realm of data tampering, exploring the vulnerabilities, the reasons behind data tampering practices, and countermeasures against them.
Jun 4, 2023   |  By Juan Reyes
In this in-depth guide we’ll explore CRLF injection, a web application security vulnerability that can have severe consequences. First, we’ll cover what CRLF injection is, the types of CRLF injection attacks, and their potential impacts. Additionally, we’ll discuss similarities with other attacks, payloads used in these exploits, and how to prevent CRLF injection. Finally, we’ll touch on the role of OWASP in addressing this security risk.
Jun 4, 2023   |  By Juan Reyes
In this post we’ll explore Terraform Import, a powerful command-line tool that allows you to bring existing infrastructure under Terraform management. We’ll cover what Terraform Import is, its common use cases, and how to use it effectively. Additionally, we’ll discuss some limitations you should be aware of when using Terraform Import.
May 29, 2023   |  By Mike Long
For today’s software organizations security has never been more top of mind. On one side there is the present and growing threat of being hacked by malicious actors, set out in Crowdstrike’s recent Global threat report. And, on the other, there is a wave of cybersecurity regulation from the government to mitigate such cybersecurity vulnerabilities.
Sep 8, 2023   |  By Kosli
Who likes software audits? nobody! Meetings? bah. Paperwork? oh no, being eaten? Definitely not! Dive into a whimsical re-imagining of the change management process by Alex Kantor. Based on Alex's talk at Exploring DevOps, security, audit compliance event in Oslo. Discover how the people of land of Paymoria made its epic quest as an engineering driven start up by avoiding paperwork, meetings and automated its change management process and discovered that they could ship faster and build more with Kosli!
Apr 21, 2023   |  By Kosli
Hey Bill Bensing here, Feild CTO @kosli7786 Here's my latest video on our new feature Evidence Vault and how it helps solve audit and compliance for engineering driven organizations like yours. In this video ill show you how Kosli makes the toil of a software audit a breeze.
Dec 19, 2022   |  By Kosli
Espen Thomassen Sæverud - CTO Stacc & Øyvind Fanebust - Partner - Stacc Help, we’re doing ISO! Why, what, and how? Continuous Compliance Espen & Øyvind have extensive experience in banking and finance with particular expertise in the area of Continuous Compliance. In this talk they will take you on a journey towards ISO certification, discussing challenges and best approaches.
Dec 16, 2022   |  By Kosli
A new spin on a classic format, a story about how collaboration, communication, and visibility helped a misunderstood Troll to empower a nation. Alex Kantor, Director of Technology at Modulr, will show you how they used Kosli to enable their developers to release directly to production in a financially regulated environment. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
Dec 16, 2022   |  By Kosli
Diptesh “Dips” Mishra, CTO for Shoal (a Standard Chartered Venture) will talk about the governance challenges that financial services organisations face when they look to adopt DevSecOps. Dips has worked for Nationwide, Lloyds Banking Group, and RBS and he’ll share key strategies behind successful implementations Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
Dec 16, 2022   |  By Kosli
In this talk Mike will discuss the state of regulated DevOps, share the Kosli startup journey, what we’ve learned along the way, and briefly demo how Kosli helps regulated DevOps teams to deliver software with continuous compliance. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
Dec 16, 2022   |  By Kosli
With the modern patterns and practices of DevOps and DevSecOps it’s not clear who the front-line owners are anymore. Today, most organizations' internal audit processes have lots of toil and low efficacy. This is something John has referred to in previous presentations as “Security and Compliance Theater.” Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
Dec 16, 2022   |  By Kosli
John Willis - Distinguished Researcher & Author dives into Investments Unlimited the latest novel from IT Revolution. It’s about an investment bank dealing with DevOps, DevSecOps, and IT Risk. John is co-author of this bestseller and he will share the story behind the book, how and why it was created, and the real life lessons it holds for all regulated software organizations.
Dec 16, 2022   |  By Kosli
At Exploring DevOps, security, audit compliance and thriving in the digital age we wrapped up the day with a panel discussion featuring all of our speakers plus Lamisi Gurah - Service Owner / Head of IEP Engineering Productivity at DNB. Come prepared with whatever’s on your mind or follow up on what you’ve heard during the talks. Our speakers would love to take your questions.
Dec 12, 2022   |  By Kosli
Recorded LIVE in Oslo, watch John Willis, co-author of Beyond the Phoenix project 📕 and Investments Unlimited (out now!) as he discusses Modern Governance that satisfies regulators without slowing you down.
May 20, 2023   |  By Kosli
Supply chain Levels for Software Artifacts (SLSA) is a security framework that assists in ensuring the integrity of software artifacts throughout the software supply chain. The Open Source Security Foundation (OpenSSF) introduced SLSA in 2021 to protect software from sources through deployment by helping organizations to counter critical threats. SLSA provides a model for improving supply chain security and integrity, and offers guidance for solving issues related to developer or build systems as exploitable security vectors.

Deliver secure software changes at scale and deploy to production with speed and compliance.

Kosli records an easily searchable history of all your changes from commit to production, so you can quickly find the change you need. Move beyond GitOps and understand how your pipelines and environments are really changing.Continuous monitoring in your runtimes and pipelines:

  • Release software with continuous compliance and zero day audits: Kosli records changes in your environments and pipelines as they happen. Get compliance status in real time and export all the evidence you need for an audit to CSV.
  • Track deployments with full cycle security: Kosli connects what’s running in production with what was qualified in your pipelines. Get alerts for undocumented workloads and any deviations from your security policies.
  • Pinpoint the exact change you need when you need it: Kosli gives you a searchable database of every change made to your systems. Get the answer you need by asking better questions in the browser or the command line.
  • Real-time observability for devs and engineers: Tired of trying to figure out which change broke everything? Need to know where your commit is? Get the ability to see how your environments and pipelines are actually changing and quickly locate the change you need.

Faster changes. Stronger security. Painless audits.