Operations | Monitoring | ITSM | DevOps | Cloud

How Norsk Tipping uses feature flags to govern their deployments

Norsk Tipping is Norway’s state-owned gaming operator, running 2,500 to 3,000 production releases a year across iOS, Android, web and backend systems. Like every regulated organisation at scale, the platform team has to hold two things in tension: maintain strict deployment controls that stand up to audit, and keep the path to production open so that 100 engineers can ship safely.

Snyk vulnerability compliance with kosli evaluate trail

Kosli recently released kosli evaluate trail, a command that evaluates selected attestations in a Kosli trail against a Rego policy file. We used it to build a complete and useful solution for tracking Snyk container vulnerabilities for cyber-dojo (an open-sourced browser based online tool for practising TDD which Kosli uses for demos). You’ll read about what we built, why we built it, how we tested it, and specifically.

Announcing Kosli's brand new docs

Good docs are how developers work with a product, from first look to daily use. That’s been true for a long time, and it’s becoming more true as developers increasingly hand that work to agents on their behalf. During the last quarter, we’ve been migrating docs.kosli.com from a static Hugo site to Mintlify, and now it’s finally live. Early reactions from our customers: “A marked improvement over the old docs in layout and usability.” “Looking sharp!”

Diff-erent Perspectives: How Specialized LLM Personas Catch More Bugs

We’ve built a multi-LLM PR reviewer that runs on every pull request in a couple of our own repos. Two independent models look at each change in parallel, each wearing a set of “persona hats” tuned to a specific area of the codebase. They compare notes, duplicates get stripped out, and the PR author ends up with a single review comment rather than a wall of noise.

Introducing Code Repositories in Kosli

Kosli gives your organization a complete picture of software delivery - every build, scan, deployment, and compliance event tracked. Until now that picture was most useful to the people managing governance. However, developers shipping code had to ask someone else what versions of their code were running, how long it was taking to get to production, or what their deployment frequency was. Repositories change that.

Kosli and Adaptavist Partner to Automate Governance for AI driven Software Delivery

Today, Kosli and Adaptavist announce a strategic partnership to help regulated enterprises automate governance for AI driven software delivery - making it automated, continuous, and evidence-driven rather than a manual checkpoint that sits apart from DevOps and CI/CD. Adaptavist brings deep enterprise DevOps transformation expertise: assessment and strategy, DevSecOps integration, developer experience, and implementation across Atlassian, GitLab, and AWS.

Introducing kosli evaluate: Rego Policy Evaluation for Your Compliance Data

If you’re evaluating compliance controls against your Kosli trail data today, there’s a good chance you’ve written some glue code to make it work. A script that pulls trail data from the API. Another that downloads attestations one by one. Something that mangles the JSON together into a shape that your chosen compliance engine can evaluate. And then that engine itself, whether it’s OPA, a custom Python script, or something else, installed and configured in your pipeline.

A Technical Guide to Controls Engineering

The modern world runs on mission-critical software. It moves our money, drives our cars, diagnoses our illnesses, and fundamentally improves our lives. But, organizations building this critical software face a paradox: they need to move fast to stay competitive, but they also need rigorous governance to manage risk. This has created a lot of tension in regulated industries.

Environment support in Terraform Provider for Kosli - v0.2.0

We’re excited to announce support of physical environments in the Terraform Provider for Kosli! What’s Included Environment Management: Full lifecycle support for creating, updating, and managing physical environments types: K8S, ECS, S3, docker, server, and lambda. Manage legacy environments as IaC: Import your existing physical environments to have Terraform manage them.