Kosli

Oslo, Norway
2019
  |  By Ana Gotter
DevOps teams play an increasingly important role in all types of software companies. From legacy organizations to cloud-native startups, the DORA metrics tell us that the performance of the DevOps team correlates very closely with the overall success of the business.
  |  By Mike Long
Kosli allows regulated organizations to scale their continuous delivery so that they can deploy changes to production at maximum speed without the risk of non-compliance. It does this by recording all of the data you need to get through regulatory events like audits. With Kosli you can record everything that happens in your software delivery process from initial requirement all the way through to deployment to production. Events like builds, tests, scans, code reviews, etc.
  |  By Jonathan Coull
The Continuous Compliance content hub is a set of guides for DevOps teams who need to move fast while remaining in compliance for audit and security purposes. We know that the old change management processes for software releases that happened once every 6 months don’t scale for DevOps teams who want to deploy every day. This is where Continuous Compliance comes in.
  |  By Jonathan Coull
The DevOps Change Management Content Hub is a set of resources for modern software teams who struggle to align their DevOps automation with their change management requirements. In our experience, cloud native teams with lots of automation struggle when they run into a compliance event like an audit, or need to achieve a security standard like SOC2 or ISO27001. How do you comply without adopting old fashioned change management practices and screwing up your DevOps?
  |  By Bruce Johnston
Modern software delivery teams find themselves under constant pressure to maintain security and compliance without slowing down the speed of development. This usually means that they have to find a way of using automation to ensure robust governance processes that can adapt to evolving cyber threats and new regulatory requirements.
  |  By Bruce Johnston
DevOps has accelerated the delivery of software, but it has also made it more difficult to stay on top of compliance issues and security threats. When applications, environments and infrastructure are constantly changing it becomes increasingly difficult to maintain a handle on compliance and security. For fast-moving teams, real time security monitoring has become essential for quickly identifying risky changes so they can be remediated before they result in security failure.
  |  By Katerina Konstantinou
As the year comes to an end, we are taking a look back on the major data breaches and vulnerabilities that disrupted the security of both small, and large and very important organizations around the world and across all industries. According to a recently published report: As this trend is on the rise, governmental organizations and companies of every size put more emphasis on the security of their systems and networks.
  |  By Ana Gotter
Over the last two to three years, we’ve seen increasing demands on all kinds of software companies to comply with security and compliance standards. More and more organizations are looking to benefit by moving their operations to the cloud, but this increases the potential for cybersecurity attacks and breaches. A new type of compliance vendor has emerged to help companies that must comply with the security standards designed to ward off cybersecurity threats.
  |  By Mike Long
In this blog post, I take a look at modern IT governance by applying the classic “Three Ways” of DevOps principles originally introduced by Gene Kim in his seminal 2012 article. “We assert that the Three Ways describe the values and philosophies that frame the processes, procedures, practices of DevOps, as well as the prescriptive steps.” Here’s a quick reminder of the three ways set out by Gene: For Gene, all DevOps patterns can be derived from these three principles.
  |  By Mike Long
Let’s not beat around the bush: change management is a prehistoric discipline desperately in need of fresh thinking. Its “best practices” are frankly terrible. Nobody honestly thinks manually filling out change tickets, waiting for CAB meetings and external approvals does anything to meaningly reduce risk. Change management is slow, inconsistent, doesn’t scale, and is prone to error.
  |  By Kosli
Who likes software audits? nobody! Meetings? bah. Paperwork? oh no, being eaten? Definitely not! Dive into a whimsical re-imagining of the change management process by Alex Kantor. Based on Alex's talk at Exploring DevOps, security, audit compliance event in Oslo. Discover how the people of land of Paymoria made its epic quest as an engineering driven start up by avoiding paperwork, meetings and automated its change management process and discovered that they could ship faster and build more with Kosli!
  |  By Kosli
Hey Bill Bensing here, Feild CTO @kosli7786 Here's my latest video on our new feature Evidence Vault and how it helps solve audit and compliance for engineering driven organizations like yours. In this video ill show you how Kosli makes the toil of a software audit a breeze.
  |  By Kosli
Espen Thomassen Sæverud - CTO Stacc & Øyvind Fanebust - Partner - Stacc Help, we’re doing ISO! Why, what, and how? Continuous Compliance Espen & Øyvind have extensive experience in banking and finance with particular expertise in the area of Continuous Compliance. In this talk they will take you on a journey towards ISO certification, discussing challenges and best approaches.
  |  By Kosli
Diptesh “Dips” Mishra, CTO for Shoal (a Standard Chartered Venture) will talk about the governance challenges that financial services organisations face when they look to adopt DevSecOps. Dips has worked for Nationwide, Lloyds Banking Group, and RBS and he’ll share key strategies behind successful implementations Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
  |  By Kosli
In this talk Mike will discuss the state of regulated DevOps, share the Kosli startup journey, what we’ve learned along the way, and briefly demo how Kosli helps regulated DevOps teams to deliver software with continuous compliance. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
  |  By Kosli
With the modern patterns and practices of DevOps and DevSecOps it’s not clear who the front-line owners are anymore. Today, most organizations' internal audit processes have lots of toil and low efficacy. This is something John has referred to in previous presentations as “Security and Compliance Theater.” Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
  |  By Kosli
John Willis - Distinguished Researcher & Author dives into Investments Unlimited the latest novel from IT Revolution. It’s about an investment bank dealing with DevOps, DevSecOps, and IT Risk. John is co-author of this bestseller and he will share the story behind the book, how and why it was created, and the real life lessons it holds for all regulated software organizations.
  |  By Kosli
At Exploring DevOps, security, audit compliance and thriving in the digital age we wrapped up the day with a panel discussion featuring all of our speakers plus Lamisi Gurah - Service Owner / Head of IEP Engineering Productivity at DNB. Come prepared with whatever’s on your mind or follow up on what you’ve heard during the talks. Our speakers would love to take your questions.
  |  By Kosli
A new spin on a classic format, a story about how collaboration, communication, and visibility helped a misunderstood Troll to empower a nation. Alex Kantor, Director of Technology at Modulr, will show you how they used Kosli to enable their developers to release directly to production in a financially regulated environment. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
  |  By Kosli
Recorded LIVE in Oslo, watch John Willis, co-author of Beyond the Phoenix project 📕 and Investments Unlimited (out now!) as he discusses Modern Governance that satisfies regulators without slowing you down.
  |  By Kosli
Supply chain Levels for Software Artifacts (SLSA) is a security framework that assists in ensuring the integrity of software artifacts throughout the software supply chain. The Open Source Security Foundation (OpenSSF) introduced SLSA in 2021 to protect software from sources through deployment by helping organizations to counter critical threats. SLSA provides a model for improving supply chain security and integrity, and offers guidance for solving issues related to developer or build systems as exploitable security vectors.

Deliver secure software changes at scale and deploy to production with speed and compliance.

Kosli records an easily searchable history of all your changes from commit to production, so you can quickly find the change you need. Move beyond GitOps and understand how your pipelines and environments are really changing.Continuous monitoring in your runtimes and pipelines:

  • Release software with continuous compliance and zero day audits: Kosli records changes in your environments and pipelines as they happen. Get compliance status in real time and export all the evidence you need for an audit to CSV.
  • Track deployments with full cycle security: Kosli connects what’s running in production with what was qualified in your pipelines. Get alerts for undocumented workloads and any deviations from your security policies.
  • Pinpoint the exact change you need when you need it: Kosli gives you a searchable database of every change made to your systems. Get the answer you need by asking better questions in the browser or the command line.
  • Real-time observability for devs and engineers: Tired of trying to figure out which change broke everything? Need to know where your commit is? Get the ability to see how your environments and pipelines are actually changing and quickly locate the change you need.

Faster changes. Stronger security. Painless audits.