Operations | Monitoring | ITSM | DevOps | Cloud

Latest Posts

From lean manufacturing to DevOps: The software factory revolution

In our journey through the evolution of compliance in the DevOps era, we’ve seen the limitations of traditional compliance methods and the high stakes of compliance failures. Manual processes, siloed teams, and a lack of automation have turned compliance into a bottleneck, hindering the agility promised by DevOps.

The Punchcard Paradigm: Tracing the Roots of Modern Compliance

In the early days of computing, creating software was a physical act, more akin to factory work than the streamlined digital process we know today. Programmers meticulously transcribed logic onto coding sheets, distinguishing zeros from ‘Os’ and ones from ‘Is’. These cryptic symbols formed the instructions that would be punched into thick card stock decks.

Kosli and Swiss Digital Network partner to enhance Continuous Compliance and Verification

We are thrilled to announce a strategic partnership between Kosli and Swiss Digital Network (SDN). This collaboration is set to revolutionize how Swiss organizations approach Continuous Compliance and Verification, combining the strengths of both companies to enabeling regulated sectors like finance and healthcare the power to deliver software with security, compliance, and speed.

Why we've open sourced our secure SDLC process template

One of the big things we’ve learned since starting Kosli is that engineers often struggle to define an SDLC for compliance purposes. That doesn’t mean they don’t know how to deliver secure, quality software. They’ve just never had to actually define a process for how they do it. Perfectly capable engineers can spend years shipping great products and features without ever having to properly define and standardize their SDLC.

How to achieve SOC 2 Type 2 in 90 days with Drata and Kosli

Every software purchasing decision has a security impact, and with information security threats on the rise, companies are increasingly concerned about third party vendor risks. That’s why for companies to sell software these days it is no longer enough to be secure, you also need to be able to prove it. Over the last year or so we’ve noticed an increasing expectation that software companies, even SMEs and startups, should be SOC 2 compliant.

How to track Infrastructure as Code changes in Terraform with Kosli

Infrastructure as Code (IaC) has emerged as a cornerstone for efficiently managing and provisioning infrastructure. Among the many tools available, Terraform has gained unparalleled popularity, offering a declarative approach to defining and deploying infrastructure. But as organizations increasingly embrace IaC to achieve scalability, consistency, and agility, a critical challenge emerges: how to ensure compliance and authorization for infrastructure changes.

Kosli Achieves SOC 2 Type 2 Compliance: Strengthening Our Commitment to Security

We are thrilled to announce that Kosli has successfully completed a SOC 2 Type 2 audit, demonstrating our commitment to the security, quality, and operational excellence our customers expect. This achievement builds upon our existing SOC 2 Type 1 compliance, further solidifying our dedication to robust security practices.

How to record an audit trail for any DevOps process with Kosli Trails

In this article I’m going to introduce Kosli Trails. This is a new feature that allows you to record an audit trail for any DevOps process. It’s already in production and being used to record Terraform pipelines, CI processes, server access, feature toggles, and more.

How to build DevOps automations with Kosli Actions

Kosli allows regulated organizations to scale their continuous delivery so that they can deploy changes to production at maximum speed without the risk of non-compliance. It does this by recording all of the data you need to get through regulatory events like audits. With Kosli you can record everything that happens in your software delivery process from initial requirement all the way through to deployment to production. Events like builds, tests, scans, code reviews, etc.