Introducing Custom Attestation Types
We’ve recently introduced Custom Attestation Types, a powerful new feature that gives you greater flexibility and control over your attestations in Kosli.
Why we built this
The Kosli CLI provides several typed attest commands, such as kosli attest snyk, kosli attest jira, etc. Each attest command automatically interprets its own specialised input format and evaluates its compliance.
If you're using a tool that does not yet have a corresponding kosli attest command then, until now, you've had to use the "untyped" kosli attest generic command, which can attest anything but does not calculate a true/false compliance value for you. Generic attestations are a useful "escape hatch", but have their drawbacks:
- It can take some effort to calculate a true/false value in some cases.
- It would be nice to split generic attestations into different types.
- Most importantly, many customers would prefer it if Kosli calculated all compliance values, as part of a zero trust model.
How Custom Attestations Work
Custom Attestations bridge this gap, allowing you to create your own attestation types and the rules by which they are evaluated. Here's how to use them:
1. Define your own attestation type
For example:
```shell
kosli create attestation-type code-coverage \
  --jq ".code.coverage >= 80" \
  --schema=code-coverage.schema.json
```
A custom type can optionally define a schema specifying the types of the names used in the --jq expression, whether they are required, whether they have defaults, etc.
2. Save your custom data into a JSON file in the format used by the --jq expression
For example:
```json
{
  "code": {
    "coverage": 87.34
  }
}
```
3. Make your custom attestation
For example:
```shell
kosli attest custom --type=code-coverage \
  --attestation-data=<PATH-TO-COVERAGE-DATA-FILE-FROM-STEP-2> \
  --name=differ.unit-test-code-coverage
```
4. Specify the type of this attestation as custom in your template compliance file.
For example:
```yaml
trail:
  ...
  artifacts:
    - name: differ
      attestations:
        - name: unit-test-code-coverage
          type: custom:code-coverage
  ...
```
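To show the four steps end to end, here is an added example script that is not Kosli's own code: it writes the schema and data files, runs a local pre-flight check that mirrors the ".code.coverage >= 80" rule (Kosli still computes the real compliance value itself), and then issues the create/attest commands, printing them instead when the kosli binary is not installed. The schema is assumed to be JSON Schema, and the --flow/--trail flags, file names and the 87.34 sample value are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Kosli's own code): the custom-attestation workflow from
# the page assembled into one script, with a local pre-check of the same rule.
set -eu

# Step 2 helper: write the coverage data in the shape the --jq rule expects.
write_coverage_data() {            # $1 = output path, $2 = coverage percentage
  printf '{ "code": { "coverage": %s } }\n' "$2" > "$1"
}

# Step 1 helper: a schema that makes .code.coverage a required number
# (JSON Schema is assumed here; the page does not state the schema dialect).
write_coverage_schema() {          # $1 = output path
  cat > "$1" <<'EOF'
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "required": ["code"],
  "properties": {
    "code": {
      "type": "object",
      "required": ["coverage"],
      "properties": {
        "coverage": { "type": "number", "minimum": 0, "maximum": 100 }
      }
    }
  }
}
EOF
}

# Local mirror of ".code.coverage >= 80" using sed/awk instead of jq, so a
# malformed or failing data file is caught before it is attested.
# Returns 0 if compliant, 1 if below the threshold, 2 if the value is missing.
coverage_compliant() {             # $1 = data file, $2 = threshold
  cov=$(sed -n 's/.*"coverage"[[:space:]]*:[[:space:]]*\([0-9.][0-9.]*\).*/\1/p' "$1")
  [ -n "$cov" ] || return 2
  awk -v c="$cov" -v t="$2" 'BEGIN { if (c >= t) exit 0; exit 1 }'
}

# Run the CLI when it is installed; otherwise print the command (dry run).
kosli_or_echo() {
  if command -v kosli >/dev/null 2>&1; then "$@"; else echo "+ $*"; fi
}

main() {
  workdir=$(mktemp -d)
  schema="$workdir/code-coverage.schema.json"
  data="$workdir/coverage.json"
  write_coverage_schema "$schema"
  write_coverage_data "$data" 87.34        # constructed sample value

  if coverage_compliant "$data" 80; then
    echo "local pre-check: coverage meets the 80% rule"
  else
    echo "local pre-check: coverage below 80% or missing; Kosli would report non-compliant" >&2
  fi

  # Step 1: register the type once per organisation.
  kosli_or_echo kosli create attestation-type code-coverage \
    --jq ".code.coverage >= 80" \
    --schema="$schema"

  # Step 3: attest the data against that type. The --flow and --trail flags
  # and their values are assumed, as for the other kosli attest commands.
  kosli_or_echo kosli attest custom --type=code-coverage \
    --attestation-data="$data" \
    --name=differ.unit-test-code-coverage \
    --flow=differ-flow --trail=example-trail

  rm -rf "$workdir"
}

main
```

Step 4 is the template entry shown above; it is unchanged by this script. The local check is deliberately strict about a missing value (exit 2) so that a data file produced by a broken coverage step is noticed before it reaches Kosli, where it would be recorded as non-compliant.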
We’ve written two blog posts, each with a detailed step-by-step example:
- Migrating from Generic to Custom Attestations: A zero-trust approach to compliance
- Moving to a zero-trust model with Kosli’s custom attestations
Introducing the Attestations Firehose
The app has been expanded to include an Attestations section. This firehose lists every attestation reported in your organization, across all flows and trails, and you can filter by type, name, flow, date, and compliance status for a fuller view of what is being reported.
From here, it’s also possible to see the custom attestation types that you have defined for your organization.
Continuous environment monitoring of filesystem paths
The Kosli CLI has supported snapshotting filesystem paths for a long time now. However, users had to run the snapshot periodically to make sure changes were captured.
As of CLI version 2.11.9, you can use the --watch flag with the kosli snapshot path(s) commands to watch the snapshotted paths for changes and re-snapshot them automatically.