Migrating from Generic to Custom Attestations: A zero-trust approach to compliance
The kosli attest generic CLI command can attest anything, but unlike a “typed” attestation (such as kosli attest snyk), it does not calculate a true/false compliance value for you; you must work that out yourself and pass it in. Customers have told us that while a generic “escape hatch” is useful, it has some drawbacks: it can take real effort to calculate a true/false value in some cases; it would be nice to split generic attestations into different types; and, most importantly, many customers would prefer that Kosli calculated every compliance value itself, as part of a zero-trust model.
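As an added example of the effort the excerpt is describing (this is not Kosli's code, nor from the linked post), the script below derives the true/false value for a generic attestation from a scanner report and only then calls kosli attest generic with --compliant=<bool>. The report format, the "no unfixed high or critical findings" policy, and the flow, trail and attestation names are all assumptions made for the example; the dry-run default means the kosli binary is not needed to run it.

```shell
#!/bin/sh
# Added example, not Kosli's own code: decide the compliance boolean for a
# generic attestation ourselves, then pass it to `kosli attest generic`.

# Constructed sample scanner report: one finding per line. A real tool's
# output will differ; adapt the parsing to it.
SAMPLE_REPORT='severity=high id=F-1 fixed=false
severity=low id=F-2 fixed=false
severity=critical id=F-3 fixed=true'

# Policy (assumption for this example): compliant iff there are no
# unfixed high or critical findings. Prints "true" or "false" so the
# result can be handed straight to --compliant.
compliance_from_report() {
    report="$1"
    open_high=$(printf '%s\n' "$report" \
        | grep -E 'severity=(high|critical)' \
        | grep -c 'fixed=false' || true)   # grep -c exits 1 on zero matches
    if [ "${open_high:-0}" -eq 0 ]; then
        echo true
    else
        echo false
    fi
}

# Build and (optionally) run the attest command. Flow, trail and the
# attestation name are placeholders; override via environment variables.
# DRY_RUN=1 (the default here) prints the command instead of executing it.
attest_report() {
    report="$1"
    compliant=$(compliance_from_report "$report")
    set -- kosli attest generic \
        --flow "${KOSLI_FLOW:-example-flow}" \
        --trail "${KOSLI_TRAIL:-example-trail}" \
        --name scan-report \
        --compliant="$compliant"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$@"
    else
        "$@"
    fi
}

attest_report "$SAMPLE_REPORT"
```

With the sample report the policy yields false (F-1 is high and unfixed), so the emitted command ends in --compliant=false. Note that Kosli itself never sees the report's contents or the policy, only the boolean you computed, which is exactly the trust gap the custom attestations in the linked posts are meant to close.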
Kosli Joins FINOS to Collaborate on DevOps Controls and Change Compliance in Financial Services
We are thrilled to announce that Kosli has joined the Fintech Open Source Foundation (FINOS), a Linux Foundation organization dedicated to fostering collaboration and innovation in financial services …
Moving to a zero-trust model with Kosli's custom attestations
The Kosli CLI provides several attest commands, such as kosli attest snyk, kosli attest jira, etc. These attestations are “typed” - each one knows how to interpret its own particular kind …
How to make Kosli generic attestations using the kosli-attest-generic command
Update! We recommend using the new custom attestations instead of generic attestations. Please see these two new blog posts: Migrating from Generic to Custom Attestations: A zero-trust approach to …
Kosli Changelog January 2025
Make the kosli-dev/setup-cli-action verified in the GitHub Marketplace Kosli has become an official GitHub Technology Partner. As part of this partnership, our setup-kosli-cli GitHub Action has been …
Kosli Changelog December 2024
A short month for the Product team is no excuse for shipping fewer changes to the application, improving its functionality one update at a time! Having our users’ experience as our focus, and …
Kosli Changelog November 2024
Another month another changelog packed with updates that improve the functionality of the platform and enhance user experience. As always, we’d love to hear your comments and feedback on the updates …
Binary Provenance, SBOMs and the Software Supply Chain for Humans
“What’s really running in prod?” Every engineer will hear these immortal words on a long enough timeline (or career). It might be because a new security zero day was dropped, alerts fired from the …
SDEM: Your fastpass to the production superhighway
With software delivery, speed is everything. But how do you balance rapid delivery with quality, security, and compliance? To answer this question, let’s embark on a journey - one that starts in …
Using Kosli to signal a change freeze
Like many software teams, here at Kosli we use a continuous delivery approach. This means that every commit to our trunk is automatically built, tested, and deployed to our production-like staging …