Operations | Monitoring | ITSM | DevOps | Cloud

Latest Posts

Using Kosli to signal a change freeze

Like many software teams, here at Kosli we use a continuous delivery approach. This means that every commit to our trunk is automatically built, tested, and deployed to our production-like staging environment. This provides us with the confidence that every build is potentially deployable to production. We use our staging environment to perform final exploratory testing before we deploy to production. Deployments to production are “on-demand”.

Binary Provenance, SBOMs and the Software Supply Chain for Humans

“What’s really running in prod?” Every engineer will hear these immortal words on a long enough timeline (or career). It might be because a new security zero day was dropped, alerts fired from the depths of a vast microservice architecture, or you might just be looking to know what commit was actually tested. Either way, it often comes with the promise of a stressful day.

Migration Announcement: Transitioning from Legacy Flows to Flows with Trails

We are excited to announce that we will be migrating your Kosli Flows data to Flows with Trails. This transition will unlock access to our latest features, such as the first-class Sonar integration, as well as upcoming ones like environment compliance policies and custom attestation types. Legacy Flows have served us well in the early stages, where they were designed to map the value stream of producing a single software artifact.

Using Kosli attest in Github Actions Workflows - Some Do's and Don'ts

The heart of Kosli’s functionality lies in its attest command. Think of it as a digital notary for your CI process. Every time you complete a significant step in your pipeline (e.g., a security scan, a build, a deployment, etc) you use kosli attest to create an immutable record of that event. However, integrating Kosli into your existing CI workflow isn’t always straightforward. You might find yourself grappling with questions like.

Record an immutable record of all changes made to your LaunchDarkly feature flags with Kosli

We’re thrilled to introduce our latest integration with LaunchDarkly! This powerful combination allows you to keep an immutable record of all changes made to your feature flags using Kosli Trails, ensuring you have the information you need for audits, compliance checks, security investigations, and incident responses.

Introducing Kosli's Logical Environments: Gain total visibility and control over complex systems

In today’s fast-paced development landscape, environments are no longer simple or isolated. You’re managing resources that span across development stages, geographies, and technologies. And as those environments grow more complex, so does the need for a more logical and efficient way to manage them.

Streamline code quality: Integrating SonarCloud and SonarQube scanning with Kosli for automated compliance

Static code analysis is an important part of testing your software to ensure it is release-ready. In contrast to dynamic testing, which involves executing your code to find errors, static analysis uses automated tools to “look” through the code, without executing it, to find potential errors (including potential security issues) and bugs. Since the code does not need to be executed, static testing can begin much earlier in development than dynamic testing.

From lean manufacturing to DevOps: The software factory revolution

In our journey through the evolution of compliance in the DevOps era, we’ve seen the limitations of traditional compliance methods and the high stakes of compliance failures. Manual processes, siloed teams, and a lack of automation have turned compliance into a bottleneck, hindering the agility promised by DevOps.

The high stakes of SDLC compliance: Lessons from EVE Online's battle of B-R5RB and Equifax

n our previous exploration of The Punchcard Paradigm, we traced the roots of modern compliance practices back to the early days of computing. We saw how the physical constraints of punchcards shaped programming practices and how those practices lingered long after the technology had evolved. Now, let’s dive deeper into why modern compliance is more critical than ever in today’s digital landscape.