Technology
Using Kosli to signal a change freeze
Like many software teams, here at Kosli we use a continuous delivery approach. This means that every commit to our trunk is automatically built, tested, and deployed to our production-like staging environment. This provides us with the confidence that every build is potentially deployable to production. We use our staging environment to perform final exploratory testing before we deploy to production. Deployments to production are “on-demand”. Any developer on the team can deploy the current staging version to production, as needed, using a simple command.
Kosli Changelog October 2024
Welcome to October’s edition of the Kosli Changelog. The season might be spooky, but the product updates we delivered this month are far from it. Quality over quantity is the motto for this month, …
Migration Announcement: Transitioning from Legacy Flows to Flows with Trails
We are excited to announce that we will be migrating your Kosli Flows data to Flows with Trails. This transition will unlock access to our latest features, such as the first-class Sonar integration, …
Using Kosli attest in Github Actions Workflows - Some Do's and Don'ts
The heart of Kosli’s functionality lies in its attest command. Think of it as a digital notary for your CI process. Every time you complete a significant step in your pipeline (e.g., a security …
Record an immutable record of all changes made to your LaunchDarkly feature flags with Kosli
We’re thrilled to introduce our latest integration with LaunchDarkly! This powerful combination allows you to keep an immutable record of all changes made to your feature flags using Kosli …
Kosli Changelog September 2024
Welcome to September’s edition of the Kosli Changelog. As we brace ourselves for a wet and wild autumn our focus remains sharp on delivering updates that enhance the compliance of your software …
Streamline code quality: Integrating SonarCloud and SonarQube scanning with Kosli for automated compliance
Static code analysis is an important part of testing your software to ensure it is release-ready. In contrast to dynamic testing, which involves executing your code to find errors, static analysis …
Kosli Changelog August 2024
This month we are happy to announce that the logical environments feature is now live! This has been a big project for the team and we’re delighted to deliver it this month. Logical environments will …
Kosli Changelog July 2024
Welcome to July’s edition of the Kolsi Changelog, This month, we’re excited to introduce our latest updates and improvements designed to enhance your software evidence management experiance. So …
Kosli Changelog June 2024
June is here and the beer garden is calling our name, but that hasnt stopped us shipping some great new improvements this month. We have a few new features and quality of life enhancements on our UX …
Kosli Changelog - April 2024
We’ve kept ourselves busy this April, in spite of the holidays and the call of the sunny outdoors. This month, Kosli has been improved with a number of new features and quality of life …
Kosli Changelog - March 2024
Spring is definitely here! Northern Europe is starting to thaw and the sun is making the occasional appearance. Here’s some of the latest changes we’ve prepared for you. Tags for Flows & …
How to record an audit trail for any DevOps process with Kosli Trails
In this article I’m going to introduce Kosli Trails. This is a new feature that allows you to record an audit trail for any DevOps process. It’s already in production and being used to record …
How to track Infrastructure as Code changes in Terraform with Kosli
Infrastructure as Code (IaC) has emerged as a cornerstone for efficiently managing and provisioning infrastructure. Among the many tools available, Terraform has gained unparalleled popularity, …
Kosli Changelog - February 2024
It’s already March, the sun is starting to show up again here in Northern Europe, the snow is melting away, and the Kosli team has been hard at work, making good use of that extra leap day in …
Kosli Changelog - January 2024
The Kosli team starts the new year with endless energy and some exciting news for you! This month, we’ve delivered not only bug fixes and performance improvements but also a couple of highly …
A Guide to Continuous Security Monitoring Tools for DevOps
DevOps has accelerated the delivery of software, but it has also made it more difficult to stay on top of compliance issues and security threats. When applications, environments and infrastructure are …
Understanding ISO 27001 Security - and why DevOps teams choose Kosli
Modern software delivery teams find themselves under constant pressure to maintain security and compliance without slowing down the speed of development. This usually means that they have to find a …
The 5 Best Vanta Alternatives for Security Compliance
Over the last two to three years, we’ve seen increasing demands on all kinds of software companies to comply with security and compliance standards. More and more organizations are looking to benefit …
Kosli Changelog - December 2023
Christmas is around the corner and like many we at Kosli are also looking forward to the upcoming holiday break. So we will share the December changelog with you a bit earlier than usual. This month …
Backstage Developer Portal
*Disclaimer: The complete Backstage guide is open sourced on Github and you can suggest changes to the content if you know it needs updates. We continuously review the pull requests and improve the …
Kosli Changelog - November 2023
November has been a busy month for our team as we dive deep into crafting a new big feature. But in the midst of the coding chaos and hot debates, we’ve still managed to sprinkle in some cool …
ISO 27001 Compliance: Everything You Need to Know
Let’s talk about what ISO 27001 compliance means for the tech team. If you’re a CTO, DevOps team lead, or cyber security specialist, you’ll have a lot of plates spinning at any given point in time. …
Demystifying FEDRAMP and NIST for Continuous Compliance
Today, federal agencies rely extensively on Cloud-based SaaS applications for everything from payment processing and document management, to data security and employee workflow automation. These tools …
How to automate Snyk container scanning of your production environments
If you’re using containers to deploy your software, it is important to be aware of potential vulnerabilities within your container images. These may be introduced through dependencies in your built …
Succeeding with Backstage 4: Backstage as Part of a Broader Developer Productivity Engineering (DPE) Initiative
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Succeeding with Backstage 3: Improving Adoption
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
How to Automate Change Management for DevOps
Until fairly recently, software releases happened once or twice a year, maybe once a quarter. This gave IT teams plenty of time to verify and manually sign off on every change before they were …
Succeeding with Backstage 2: Building and Maintaining Custom Plugins
This second installment of the “Succeeding with Backstage” explains how to create a custom Backstage plugin. For many use cases, customizing the platform’s look using the methods from the …
Succeeding with Backstage 1: Customizing the Look and Feel of Backstage
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Kosli Changelog - October 2023
It’s spooky season and, at least here in my house, we are overflowing with costumes, pumpkins, and sweets. Happily, there’s no tricks from the Kosli team, only treats! Further API Key improvements …
Implementing Backstage 3: Integrating with Existing Tools Using Plugins
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Implementing Backstage 6: Deploying Backstage on Kubernetes
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Implementing Backstage Part 5: Kubernetes Plugins
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Implementing Backstage Part 4: Security and Compliance
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Staying Ahead of Threats with Continuous Security Monitoring Tools for DevOps
According to the latest Crowdstrike report, in 2022 cloud-based exploitation increased by 95%, and there was an average eCrime breakout time of 84 minutes. Just as significantly, in 2021, the Biden …
Implementing Backstage: Core Components
This article is the second installment of the “Implementing Backstage” series and focuses on how to use Backstage’s core features. Backstage has an extensible plugin architecture in …
Implementing Backstage 1: Getting started with Backstage CLI
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Kosli Changelog - September 2023
September kicked off with some very pleasant, and warm, late summer / early autumn sunshine, at least here in Northern Europe. But Autumn has now officially landed and it brings with it a few useful …
Evaluating Backstage 1: Why Backstage?
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Implementing Backstage Part 2: Core Components
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Evaluating Backstage 3: Backstage vs. Competitors
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …
Kosli Changelog - August 2023
Summer vacations are over. Which is fine, because it means it’s time for Autumn vacations 😀 And Autumn is the best time of the year to visit mountains - mosquitoes are gone and the colors get …
Kosli Changelog - July 2023
Hello! Welcome to July’s edition of the Kosli Changelog. Ewelina is currently enjoying her summer vacation, so I’m here to share a couple of changes from the last few weeks, before I take my summer …
Ace your way through painless audits with Kosli's Evidence Vault
Preparing for a software audit can be a time-consuming and painful process where a lot of information needs to be gathered and verified in a provable audit trail. It means tracking down and piecing …
From Monitoring to Action - Get Faster Incident Response with Change Forensics 🕵️♀️
In this post you’ll learn how Kosli’s Change Forensics gives DevOps, Platform, and Site Reliability Engineers the ability to rapidly pinpoint and understand changes and events in their infrastructure …
Kosli Changelog - June 2023
Hello, and welcome to the June edition of the Changelog. It’s that time of the year when the days are long, the great outdoors are calling, and it’s not so easy to stay focused at work. But somehow we …
Data Tampering: A Comprehensive Guide
In an increasingly interconnected and data-driven world, where information shapes decisions and fuels innovation, the integrity of data has become paramount. However, lurking beneath the surface is a …
Terraform Import: What It Is and How to Use It
In this post we’ll explore Terraform Import, a powerful command-line tool that allows you to bring existing infrastructure under Terraform management. We’ll cover what Terraform Import is, …
CRLF Injection, Explained: An In-Depth Guide
In this in-depth guide we’ll explore CRLF injection, a web application security vulnerability that can have severe consequences. First, we’ll cover what CRLF injection is, the types of …
Kosli Changelog - May 2023
Hello, and welcome to the May edition of the changelog. I’ve been pretty busy this last month preparing my presentation for the NDC Oslo conference. So, I drifted away from the team for a bit, only to …
Authentication Failures: Definition, Consequences, and Prevention
Authentication is the security process that verifies a user’s identity in order to grant access to their online account. It also functions as the gateway to your product. It’s a workflow …
How to Use Ansible Copy Module: An In-Depth Guide
In this post, we’re going to learn about the Ansible copy module. Before we look at the copy module specifically, let us first remind ourselves what Ansible is. You can install this open-source …
Command Injection: A Guide to Types, Risks, and Prevention
Command injection is a kind of cyber attack that allows an attacker to execute arbitrary commands on a system. Attackers accomplish this by exploiting vulnerabilities in an application’s input …
What Is Broken-Access Control? Examples and Prevention
Access control is a security mechanism that regulates who has access to sensitive data, resources, and systems. It ensures that only authorized users can access sensitive data and activities while …
Docker Secrets: An Introductory Guide with Examples
Securing sensitive data is crucial for any application, but managing this data can be complex and error-prone. Docker secrets provide a reliable and secure way to handle sensitive information like …
Kosli Changelog - April 2023
Hello, and welcome to the April edition of the changelog. The weather is finally starting to stabilize and resembles one rather than all the seasons. Parks are full of colors and goslings, and at …
Kosli - A Flight Data Recorder for your Runtime Environments
Have you ever had to debug an environment and found it hard to understand exactly what had changed? In the worst case scenarios you have to figure this out during high-pressure situations, like when …
Kosli Changelog - March 2023
Hello, and welcome to the March edition of the changelog. Spring is on her way, days are now longer than nights (at least in the northern hemisphere where me and my Kosli colleagues reside) and new …
How to Provision Your AWS Lambda Function Using Terraform
AWS Lamdba is one of the most popular players in the serverless industry. It enables you to run serverless functions on the cloud, which gives you enhanced scalability and optimized costs. Instead of …
How to achieve compliance with FedRAMP Continuous Monitoring
One of the most common frustrations we hear from CTOs and CISOs is that it’s really hard for them to figure out what they’re supposed to do to achieve software delivery compliance for regulatory …
How to Use the AWS Lambda Function in Python
Amazon Web Services (AWS) Lambda and Python democratize access to code development by reducing the complexity involved when developing and deploying it. The serverless service, AWS Lambda, allows you …
How to create and manage functions in Lambda with AWS CLI
AWS Lambda has been a game changer for the serverless industry ever since its inception in 2014. It allows you to deploy serverless applications in NodeJS, Python, Java, Go, PowerShell, C#, and Ruby. …
How to run your Python Flask server inside a readonly Docker container
In a previous blog we showed you how to strangle old code using Python decorators. This 5 minute blog post shows you how to run a Python Flask server in a readonly Docker container. The steps are …
Kosli Changelog - February 2023
Hello, and welcome to this month’s edition of the change log. We have events filter for environments, commit evidence, GitLab support, and doc updates to share with you, so let’s get straight into it. …
How to strangle old code using Python decorators
The Strangler Pattern is a pattern for safely and carefully retiring old code. The idea is simple - you run the old code and new code live, in production, side-by-side, checking that the new code …
A Deep Dive into fmt Printf in Golang
Go is a simple but versatile programming language developed by Robert Griesemer at Google. It is one of the most sought-after programming languages and continues to grow in popularity. Critical to its …
What is AWS Lambda? An Introduction and Guide with Examples
Serverless computing enables you to build and run applications and services without the need to manage infrastructure. With serverless computing, you can focus on writing and deploying your code …
How to Publish Your Golang Binaries with Goreleaser
Building CLI applications and tools is a fairly easy task in Golang (Go), especially with libraries like Cobra that make getting started a breeze. Once you finish developing your application or tool, …
Docker Inspect Explained: The Essential Guide
These days, it’s hard for a software engineer to go about their work without bumping into a Docker container. But when we bump into one that’s behaving oddly, how do we go about finding …
Understanding Golang Command Line Arguments
Command line interface (CLI) tools are essential in the day-to-day life of developers. They allow you to get your desired result by simply sending a few text inputs, and they consume less resources …
Kosli Changelog - January 2023
With the beginning of the year days are getting longer and the Kosli team is full of energy! So new features and fixes are flying in. There is a lot of work done with backend focus, so the app stays …
A short history of the software bill of materials (SBOM)
Many people are talking about the software bill of materials, but few know about SBOM origins. I find it essential to understand the genesis of ideas, so let’s talk about the beginning of the SBOM. …
How to Use Kubernetes Namespaces: A Guide with Examples
Kubernetes namespaces logically isolate groups of related objects inside a cluster. You can use them to distinguish among objects belonging to different deployments, teams, and organizations. …
Cybersecurity regulation and the software supply chain
It’s standard practice for software companies to use existing software components as building blocks for their new products. But what happens when those building blocks contain vulnerabilities …
How to Configure CLI Tools in Standard Formats with Viper in Golang
Over the past few years, the DevOps and CloudOps sectors have seen a rise in tools that focus on improving certain operations of teams within the industry. There seems to be a tool for almost any …
Get Python test coverage faster without killing your server
Getting system test coverage from a Python web server is not straightforward. If you search the internet all the hits describe killing the server (eg gunicorn) to get the coverage exit handlers to …
How to Securely Create, Edit, and Update Your Kubernetes Secrets
Secrets centrally store confidential data such as passwords, API keys, and certificates inside your Kubernetes cluster. You can inject secrets into your pods as environment variables or files in a …
Understanding Your Kubernetes Deployment Lifecycle—A Guide with Examples
Kubernetes today is the foremost container orchestration platform in the cloud-native ecosystem. It’s an open source system with rich features backed by a large and growing community. Its …
Kosli Changelog - December 2022
End of the year is just around the corner and many of us will leave for a holiday break soon. So this time you hear from us long before the month is over. Nothing to worry about! So much is happening …
Understanding Kubernetes Events: A Guide
Kubernetes events document the changes that occur inside your cluster. Viewing stored events can explain problems and help you resolve failures. An event is generated automatically each time …
Kosli Changelog - November 2022
A lot is happening at Kosli headquarters and satellite offices (or homes! How sweet working for a remote first company can be). In this post we’d like to share some of the latest additions that …
“Did I break prod?” Part 2. Introducing the Kosli Search command
A few months ago, I shared the Eureka moment! I had when I realized how much easier (and less stressful) my earlier career as a developer would have been if I’d had Kosli. Tl;dr - I thought I’d …
The Ultimate Guide to git blame: A How To with Examples
Source control tools give users many powers and one of the big ones is traceability. With traceability tools you can know exactly who made each change and when they made it. In Git, you use the git …
Git Blame in VS Code: The 4 Best Options
Most production projects have a team collaborating on them, so even in a single file there can be multiple contributors. When things go wrong, it’s useful to understand how and why certain changes …
How to define your software process using the Secure SDLC process template
Something I’ve learned over the last 10 years of helping organizations with DevOps is that teams frequently struggle to define a software development process. You’ll find a lot of content on Google …
Docker Tags Demystified: A Guide With Examples
The main principle behind Docker and containerization isn’t too difficult to grasp. You put your software and its dependencies inside a “package” and distribute it. Whoever has this …
Using git diff to Compare Tags: A Guide With Examples
In Git, you can use the git diff command for comparisons. This command is very powerful and flexible, and it covers a lot of ground, but today we’ll be narrowing the scope down to the “git …
Git Grep Like a Pro: The Complete Guide
How do you search for a given string inside many different files? If you’re familiar with the command line, you have the answer on the tip of your tongue: grep. You may know that there is a …
Docker Commit Explained: A Guide With Examples
Docker is a popular set of tools for creating and running applications in containers. Developing an application to run in a container means isolating the application from the underlying …
Docker Build: A Detailed Guide With Examples
One of the many ways Docker makes your life easier is that there are a bunch of development tools you no longer need to install on your machine. Instead, you can rely on images. But if you plan on …
Git and the benefits and challenges of everything-as-code
Git has been a central part of the DevOps story. Our continuous integration systems run builds, produce artifacts, execute tests, and ultimately deploy systems defined as code in our git repositories. …
Tracking changes for your Amazon S3 and Lambda functions with Kosli
The benefits of serverless software architecture include faster and more fine grained changes to your software without worrying about managing hardware resources. This increase in change volume can be …
Continuous Delivery Change Management in ITIL Frameworks
Key takeaways ITIL change management framework doesn’t work for frequent software releases That’s a problem because regulated teams want continuous delivery By automating change management they can …
How to deliver software with Continuous Compliance: A DevOps culture
Imagine your developers are the world’s fastest relay team 🏃 When it comes to build, test, and qualify they get round the running track faster than anyone else. Unfortunately for them the finishing …
Why ITIL Change Management doesn’t work for DevOps teams
Are you trying to do DevOps under regulation? If so, you’ll know the pain of change management. In this article we’ll look at how delivering software with DevOps is incompatible with old school ways …
How are Docker digests calculated and are they mutable?
To ensure binary provenance in your software development process you must, among other things, have confidence that the artifact doesn’t change. If you use a code review and test result as an …
How Kosli automates Change Management for Kubernetes workloads
If you’re delivering software in a regulated space, and you’re using Kubernetes, you’ll know how problematic change management is. On one hand you have a highly dynamic container based system that’s …
5 reasons why your CI system is a terrible Compliance System of Record
“Why can’t we use our CI system for our Compliance System of Record (CSoR)?” This is a question we get asked a lot when we’re talking about compliance with regulated DevOps teams. And it’s a perfectly …
How to design a DevOps Compliance System of Record
If you deliver software in a regulated industry you have to be able to show that you are following a defined process. And that means being able to produce a record of what’s going on in your DevOps …
How regulated teams can avoid the DevOps Lite trap with DevOps Change Management
DevOps is being adopted across regulated industries, but old ITIL approaches to change management still create unnecessary lead times and risks. Fortunately, you don’t have to fall into the DevOps …
How to secure your software supply chain with Artifact Binary Provenance
In Kosli, we use Artifact Binary Provenance as the foundation for our audit trails. Artifact Binary Provenance is a fancy term, but the idea behind it is really quite simple. All it means is that we …
8 reasons why we do ensemble programming
At Kosli we do as much of our work as possible in a group setting, especially (but not limited to) programming. In our experience most tech teams don’t do this and we think they’re missing out on all …
What does it mean to deliver software with Continuous Compliance?
In this short video, Mike Long, our Co-founder and CEO, explains how teams delivering software in regulated industries can achieve CI/CD using CC = Continuous Compliance. If you deliver software in a …
How to automate a secure chain of custody across your pipelines in 5 steps
Imagine you’re a Fintech CTO 🤓 with several teams and tens of microservices. Do you know what’s currently running in prod? How about yesterday? A week ago? Last month? And if you do know what’s in …
How To Release Compliant Software on Demand
In this blog we’ll explain how to automate the change and release compliance in a Secure Software Development Lifecycle. Kosli is a new technology that enables teams in regulated industries, like …
How to Ensure Software Provenance. Just like Google.
Google has always been a leader when it comes to security culture and their approach to managing a secure development lifecycle is no exception. This article introduces Google’s Binary Authorization …
Introducing Continuous Compliance with Kosli
In this article we introduce new technology that allows you to automate the change and release compliance in a Secure Software Development Lifecycle. It’s called Kosli, the DevOps Change Management …
Using Git for a compliance audit trail
Kosli is a DevOps change management platform for storing a record of compliance controls. It helps financial institutions, medical device manufacturers, automotive and other mission-critical …
Ready to ship with more confidence?
Got a question about Kosli?
We’re here to help, our customers range from larges fintechs, medtechs and regulated business all looking to streamline their DevOps audit trails
Contact us