Binary Provenance, SBOMs and the Software Supply Chain for Humans
“What’s really running in prod?” Every engineer will hear these immortal words on a long enough timeline (or career). It might be because a new security zero day was dropped, alerts fired from the depths of a vast microservice architecture, or you might just be looking to know what commit was actually tested. Either way, it often comes with the promise of a stressful day. Let’s demystify three critical concepts for delivering secure, reliable software: binary provenance, software bills of materials (SBOMs) and the software supply chain.
SDEM: Your fastpass to the production superhighway
With software delivery, speed is everything. But how do you balance rapid delivery with quality, security, and compliance? To answer this question, let’s embark on a journey - one that starts in …
Using Kosli to signal a change freeze
Like many software teams, here at Kosli we use a continuous delivery approach. This means that every commit to our trunk is automatically built, tested, and deployed to our production-like staging …
Kosli Changelog October 2024
Welcome to October’s edition of the Kosli Changelog. The season might be spooky, but the product updates we delivered this month are far from it. Quality over quantity is the motto for this month, …
Migration Announcement: Transitioning from Legacy Flows to Flows with Trails
We are excited to announce that we will be migrating your Kosli Flows data to Flows with Trails. This transition will unlock access to our latest features, such as the first-class Sonar integration, …
Using Kosli attest in GitHub Actions Workflows - Some Do's and Don'ts
The heart of Kosli’s functionality lies in its attest command. Think of it as a digital notary for your CI process. Every time you complete a significant step in your pipeline (e.g., a security …
Record an immutable record of all changes made to your LaunchDarkly feature flags with Kosli
We’re thrilled to introduce our latest integration with LaunchDarkly! This powerful combination allows you to keep an immutable record of all changes made to your feature flags using Kosli …
Kosli Changelog September 2024
Welcome to September’s edition of the Kosli Changelog. As we brace ourselves for a wet and wild autumn, our focus remains sharp on delivering updates that enhance the compliance of your software …
Introducing Kosli's Logical Environments: Gain total visibility and control over complex systems
In today’s fast-paced development landscape, environments are no longer simple or isolated. You’re managing resources that span across development stages, geographies, and technologies. And as those …
Streamline code quality: Integrating SonarCloud and SonarQube scanning with Kosli for automated compliance
Static code analysis is an important part of testing your software to ensure it is release-ready. In contrast to dynamic testing, which involves executing your code to find errors, static analysis …