Building the Future of Software Delivery Controls: Inside the FINOS SDLC Governance Working Group
Building the Future of Software Delivery Controls: Inside the FINOS SDLC Governance Working Group In October, technologists from across the financial industry gathered in New York for OSFF 2025 where the general theme was clear: open collaboration has moved from promises to proof. Projects like Fluxnova and OpenGris showed how institutions can build shared, production-grade infrastructure. The Common Cloud Controls and AI Governance Framework demonstrated that regulatory assurance can be achieved collaboratively, not competitively.
Storage and Story: Why Artifact Repositories Need Provenance
How Artifactory and Kosli Create a Complete Chain of Custody for Your Software The Problem with “What” An artifact repository like JFrog Artifactory is a cornerstone of modern DevOps. It stores …
How to Automate Change Management Evidence using Kosli and ServiceNow
The Problem: Approvals Waiting on Proof Are your deployments getting stuck waiting for approvals? Your code is ready. Your tests are green. But your ServiceNow change ticket is still holding up the …
Secrets We Forgot… Until Automation Saved Us
We All Have That One Secret… That API key that has been sitting in production for ages. The personal access token that was supposed to be rotated 2 months ago. The service key that is about to …
Build. Release. Run. Repeat. But Where’s the Control?
Every Team Builds, Releases, and Runs Software. But Who Can See the Whole Picture? In every engineering organization, from fintech unicorns to 20,000-seat global bank, delivery happens in a loop. Code …
Security and Compliance Takes Center Stage: Key Insights from Open Source Finance Forum - London 2025
We’ve just wrapped up London’s 2025 Open Source Finance Forum (OSFF) in London and in this blog I’ll try to capture the key highlights from this year’s event while they’re still fresh. Dominant themes …
The Future of Auditing is Agentic AI
Audits are painful for developers AND compliance teams We’ve solved audits for evidence collection. With AI we’ll solve it for evidence evaluation What is the point of an SDLC audit? Audits are a slow …
Introducing Environment Policy- Gain Unified Control Over Compliance Requirements Across Your Runtime Environments
In modern software development, different environments often have different compliance requirements. Your development environment might allow more flexibility, while production demands strict controls …
Flexible, Evidence-Driven Compliance: Meet Kosli’s Custom Attestations
At Kosli, we believe that governance in software delivery shouldn’t be a bottleneck – it should be an extension of how your teams already work. That’s why we’re excited to introduce custom …
Kosli Changelog May 2025
Get trail attestations via the Kosli CLI A new `get attestation` command was added to the CLI in v2.11.15. This gives you an easy way, using the attestation name, to retrieve information about …
How to Strengthen Your SDLC Audit Trail with Improved Access Control in Kosli
Automating SDLC Governance is one of our key use cases. Kosli gathers all of the evidence your engineering teams need for change management and audit by recording every step in their SDLC, from commit …
