Kosli

Oslo, Norway
2019
  |  By Steve Tooke
Like many software teams, here at Kosli we use a continuous delivery approach. This means that every commit to our trunk is automatically built, tested, and deployed to our production-like staging environment. This provides us with the confidence that every build is potentially deployable to production. We use our staging environment to perform final exploratory testing before we deploy to production. Deployments to production are “on-demand”.
  |  By Billy McGee
With software delivery, speed is everything. But how do you balance rapid delivery with quality, security, and compliance? To answer this question, let’s embark on a journey - one that starts in a software factory to running on the production superhighway.
  |  By Mike Long
“What’s really running in prod?” Every engineer will hear these immortal words on a long enough timeline (or career). It might be because a new security zero day was dropped, alerts fired from the depths of a vast microservice architecture, or you might just be looking to know what commit was actually tested. Either way, it often comes with the promise of a stressful day.
  |  By Sami Alajrami
We are excited to announce that we will be migrating your Kosli Flows data to Flows with Trails. This transition will unlock access to our latest features, such as the first-class Sonar integration, as well as upcoming ones like environment compliance policies and custom attestation types. Legacy Flows have served us well in the early stages, where they were designed to map the value stream of producing a single software artifact.
  |  By Jon Jagger
The heart of Kosli’s functionality lies in its attest command. Think of it as a digital notary for your CI process. Every time you complete a significant step in your pipeline (e.g., a security scan, a build, a deployment, etc) you use kosli attest to create an immutable record of that event. However, integrating Kosli into your existing CI workflow isn’t always straightforward. You might find yourself grappling with questions like.
  |  By Jonathan Coull
We’re thrilled to introduce our latest integration with LaunchDarkly! This powerful combination allows you to keep an immutable record of all changes made to your feature flags using Kosli Trails, ensuring you have the information you need for audits, compliance checks, security investigations, and incident responses.
  |  By Jonathan Coull
In today’s fast-paced development landscape, environments are no longer simple or isolated. You’re managing resources that span across development stages, geographies, and technologies. And as those environments grow more complex, so does the need for a more logical and efficient way to manage them.
  |  By Faye Walker
Static code analysis is an important part of testing your software to ensure it is release-ready. In contrast to dynamic testing, which involves executing your code to find errors, static analysis uses automated tools to “look” through the code, without executing it, to find potential errors (including potential security issues) and bugs. Since the code does not need to be executed, static testing can begin much earlier in development than dynamic testing.
  |  By Billy McGee
n our previous exploration of The Punchcard Paradigm, we traced the roots of modern compliance practices back to the early days of computing. We saw how the physical constraints of punchcards shaped programming practices and how those practices lingered long after the technology had evolved. Now, let’s dive deeper into why modern compliance is more critical than ever in today’s digital landscape.
  |  By Billy McGee
Picture a gruff-voiced sergeant from the classic TV series “Dragnet,” but instead of solving crimes, they are navigating the complex world of software delivery. Their catchphrase, “Just the facts” isn’t just a catch phrase – it’s the mantra we need in today’s high-stakes world of DevOps, AppSec and Compliance.
  |  By Kosli
In this video, we explore how Kosli’s SDLC Recording can revolutionize your DevOps workflow by automating and streamlining the collection of crucial control evidence. Say goodbye to manual documentation and endless meetings, and hello to full visibility and instant audit trails.
  |  By Kosli
Espen Thomassen Sæverud - CTO Stacc & Øyvind Fanebust - Partner - Stacc A snippet from: Help, we’re doing ISO! Why, what, and how? Continuous Compliance Espen & Øyvind have extensive experience in banking and finance with particular expertise in the area of Continuous Compliance. In this talk they will take you on a journey towards ISO certification, discussing challenges and best approaches.
  |  By Kosli
Transforming Compliance and Deployment: Innovative Strategies in Tech Alex Kantor speaking at DIGIT-EVENTS, ITSX SUMMIT Talk: Sustaining and Enhancing Service Delivery Amid Change and Disruption.
  |  By Kosli
Who likes software audits? nobody! Meetings? bah. Paperwork? oh no, being eaten? Definitely not! Dive into a whimsical re-imagining of the change management process by Alex Kantor. Based on Alex's talk at Exploring DevOps, security, audit compliance event in Oslo. Discover how the people of land of Paymoria made its epic quest as an engineering driven start up by avoiding paperwork, meetings and automated its change management process and discovered that they could ship faster and build more with Kosli!
  |  By Kosli
Hey Bill Bensing here, Feild CTO @kosli7786 Here's my latest video on our new feature Evidence Vault and how it helps solve audit and compliance for engineering driven organizations like yours. In this video ill show you how Kosli makes the toil of a software audit a breeze.
  |  By Kosli
Espen Thomassen Sæverud - CTO Stacc & Øyvind Fanebust - Partner - Stacc Help, we’re doing ISO! Why, what, and how? Continuous Compliance Espen & Øyvind have extensive experience in banking and finance with particular expertise in the area of Continuous Compliance. In this talk they will take you on a journey towards ISO certification, discussing challenges and best approaches.
  |  By Kosli
A new spin on a classic format, a story about how collaboration, communication, and visibility helped a misunderstood Troll to empower a nation. Alex Kantor, Director of Technology at Modulr, will show you how they used Kosli to enable their developers to release directly to production in a financially regulated environment. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
  |  By Kosli
Diptesh “Dips” Mishra, CTO for Shoal (a Standard Chartered Venture) will talk about the governance challenges that financial services organisations face when they look to adopt DevSecOps. Dips has worked for Nationwide, Lloyds Banking Group, and RBS and he’ll share key strategies behind successful implementations Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
  |  By Kosli
In this talk Mike will discuss the state of regulated DevOps, share the Kosli startup journey, what we’ve learned along the way, and briefly demo how Kosli helps regulated DevOps teams to deliver software with continuous compliance. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
  |  By Kosli
With the modern patterns and practices of DevOps and DevSecOps it’s not clear who the front-line owners are anymore. Today, most organizations' internal audit processes have lots of toil and low efficacy. This is something John has referred to in previous presentations as “Security and Compliance Theater.” Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
  |  By Kosli
Supply chain Levels for Software Artifacts (SLSA) is a security framework that assists in ensuring the integrity of software artifacts throughout the software supply chain. The Open Source Security Foundation (OpenSSF) introduced SLSA in 2021 to protect software from sources through deployment by helping organizations to counter critical threats. SLSA provides a model for improving supply chain security and integrity, and offers guidance for solving issues related to developer or build systems as exploitable security vectors.

Deliver secure software changes at scale and deploy to production with speed and compliance.

Kosli records an easily searchable history of all your changes from commit to production, so you can quickly find the change you need. Move beyond GitOps and understand how your pipelines and environments are really changing.Continuous monitoring in your runtimes and pipelines:

  • Release software with continuous compliance and zero day audits: Kosli records changes in your environments and pipelines as they happen. Get compliance status in real time and export all the evidence you need for an audit to CSV.
  • Track deployments with full cycle security: Kosli connects what’s running in production with what was qualified in your pipelines. Get alerts for undocumented workloads and any deviations from your security policies.
  • Pinpoint the exact change you need when you need it: Kosli gives you a searchable database of every change made to your systems. Get the answer you need by asking better questions in the browser or the command line.
  • Real-time observability for devs and engineers: Tired of trying to figure out which change broke everything? Need to know where your commit is? Get the ability to see how your environments and pipelines are actually changing and quickly locate the change you need.

Faster changes. Stronger security. Painless audits.