A Flow records the journey from commit to production for a service or component. A Flow is where attestations for builds, pull requests, tests, security scans, etc are recorded.

Do all Flows cost $99? What do the discounts look like?

Paid Flows start at $99, but discounts start to kick in when you reach 50 Flows and become increasingly cheaper as you scale. Contact us for specifics on your needs.

What is an Environment Change?

An Environment Change is recorded with a snapshot whenever a deployment, termination or scaling event occurs in your runtime environment. This snapshot is sent to Kosli.

Why does Kosli record Environment Changes?

Environment Changes build a record of snapshots of how your runtimes are really changing. This record allows you to quickly identify unauthorized changes, and is the basis for your compliance and audit status.

What happens when I go over my Flows/Environment Change quota?

We’ll get in touch to discuss how to scale your plan to meet your needs.

What happens at the end of the 30 day free trial?

You can decide to proceed to a paid plan or scale back down to the Free tier.

Are all of the essential features available in the free tier?

Yes, all of Kosli’s key features for audit, compliance and security are available in the free tier.

When/Why would I need to upgrade from the Free Tier to the Pro?

You need to upgrade if you exceed 10 Flows, make more than 5,000 Environment Changes each month, or require longer than 90 days of data retention. Larger organizations with audit and compliance requirements usually start with a free trial of the Pro Plan.

Can I record Environment Changes and Flows in the Free Tier?

Yes, you can record up to 10 Flows and 5,000 Environment Changes each month.

Can I connect my Environment Changes to my Flows?

Yes, you can trace the changes made to your environments all the way back to the initial commit.

What does it mean to attest a Flow event?

It means that you choose to report to Kosli that a service or component has had an e.g. test or security scan, or anything else you wish to report from your CI process.

What about the actual results of the test or scan? Can I store those too?

Yes, you can store this evidence in Kosli’s Evidence Vault and link it to your attestation.

Why should I store my attestations and evidence in the Evidence Vault?

Kosli’s Evidence Vault is a secure, append-only data store that holds your data in a *tamper-evident* way. It gives you 3rd party proof that you’re following your process.

How do I access my data in the Evidence Vault?

There’s a link to the Evidence Vault next to the metadata for your artifacts in the Kosli app. Click and download.

Can I record a business process in Kosli?

Yes, for this we have the Audit Trail feature. An example of a business process that you might want to log in an Audit Trail is the provisioning and revoking of user accounts and access. You can store your Audit Trails in the Evidence Vault.

How does Kosli help me to pass a software audit?

For this we have an **Export to CSV** feature. Simply select the evidence you would like to export e.g. all deploys to production, choose a date range, and export your evidence in an auditor-friendly format. In the free tier data retention is limited to 90 days, so to export data older than that you should choose the Pro plan.

How does Kosli help me to prove compliance with my process?

By recording all the changes to your environments, and connecting them to all the events that happen in your Flows, Kosli gives you real time compliance status for all running artifacts. Is a component in production missing e.g. a unit test? Kosli will flag it up with a Notification. As with passing a software audit, proving compliance in the free tier is only possible within the last 90 days. For a longer compliance record you should choose the Pro plan.

How does Kosli help me with security?

By recording every change to your environments Kosli detects unauthorized workloads, off-pipeline changes, and malicious deployments, and can alert you to them with notifications.

What is a notification in Kosli?

Kosli can provide various notifications on events like deployments, compliance issues, and scaling events.

Does Kosli support the runtimes we use in our organization?

Yes, Kosli supports Kubernetes, AWS Lambda, S3 buckets, Azure and more.

What about the CI server we use?

We’re completely agnostic when it comes to your tool choices - Jenkins, Circle CI, Travis, Bitbucket - Kosli integrates with all of them.

What about my industry or standard?

Kosli works for teams in any industry (finance, health, automotive, etc) and also for compliance to any standard like ISO, SOC2, FedRamp, etc.

Does Kosli need access to my systems?

No, you install Kosli CLI to monitor, log, and ship information to Kosli

Do you have an on-prem option?

Yes, we realize some of our customers have a no-cloud policy, so on-prem is available for Enterprise customers.

Can you meet our specific data residency needs?

Yes, Enterprise customers can choose to have their data stored in a specific jurisdiction

Can I have annual billing?

Yes, this is available for Enterprise customers

Can I have Single Sign-On?

Yes, this is available for Pro and Enterprise customers.

Can I lock down Kosli access to my network?

Yes, for Enterprise customers we offer a managed single tenant option which can be restricted to your network environment.

Ace your next software audit with Continuous Compliance

We get the frustration of having to hold back your software release to wait for manual change approvals. Kosli records the evidence you need for compliance as part of your continuous integration, so you can deploy changes to regulated environments without any extra paperwork or delays.

Book a Demo Try for free

Full continuous delivery - no manual checks

We know that DevOps teams struggle with change management when it comes to the software release. We built Kosli so you can automate controls as part of your CI/CD and deploy your changes with continuous compliance baked in.

No need for screenshots, checklists, or meetings

You don’t have to gather evidence manually before deploying to production. Kosli is the continuous compliance tool you've been looking for. It records all the evidence that your release candidates have passed all of their tests, scans, PRs. etc.

Breeze through audits without digging in logs

We know that auditors can ask you for all kinds of data and hunting it down can be a real pain. With Kosli's continuous compliance automation all of your evidence is recorded for easy export to CSV. Just choose a date range in the Kosli app and hit the easy button.

Continuous Compliance and audit for any industry or standard

What is Continuous Compliance?

Lots of DevOps teams require manual change approvals before they can deploy their changes to production. We hear a lot of frustration from teams in industries like finance and healthcare who rely on manual change management processes to get their changes out. Screenshots, tickets, spreadsheets - it’s slow and patchy and developers hate it. Being able to automate those jobs with DevOps Compliance is why we started Kosli. Here’s the story of Continuous Compliance.

Try for free

Continuous Compliance is for teams who need to prove their SDLC is being followed

Regulation and audits don’t have to slow you down

If you’re a regulated team, being able to prove that you’re deploying changes that have had all the necessary tests, security scans, PRs, etc. can be a real pain.

You can use Kosli to automate your change controls and gather the evidence that they’re being followed as part of your CI/CD process.

Cartoon characters celebrating in front of devops loop

Manual change approvals are slow and risky

If you’re using screenshots, spreadsheets, and manual sign offs to approve changes, you’re delaying your software release to get a patchy record of what actually happened.

Use Kosli to gate release candidates that haven’t met your change controls. Deploy with continuous compliance baked in to every change.

Cartoon character overwhelmed in front of laptop

Free up your developers and keep your tools

Developers hate submitting changes for approval with screenshots and tickets. But some automated solutions force them to adopt new tools and processes.

Kosli integrates with your existing tools, so you can automate your change approvals without disrupting your existing stack or your process.

Cartoon character in front of tool integration logos

See how Continuous Compliance can work for your team

Book a demo

“We always know our compliance status in real time and that gives us a lot of freedom to deliver our changes”

Cato Auestad, Chief Technology Officer @Firi

View Firi’s customer story

“We didn’t spend any extra time gathering evidence manually because all of it had already been recorded in Kosli”

Øyvind Fanebust, Partner @Stacc

View Stacc's customer story

“We now have a central system of record where the auditor can see a complete audit trail of changes across multiple systems”

Alex Kantor, Director of Technology @Modulr

View Modulr's customer story

“We believe that DevOps is the key to our success, and in our industry being able to automate change management is an important part of our technical strategy”

Andreas Røe, Chief Technology Officer @ZTL

View ZTL's customer story

"Kosli doesn’t just help us to respond to incidents, it helps us to reduce their frequency"

Mark Martin, Sr. Director Platform Engineering @SolarWinds

View SolarWind's customer story

How it works

Cryptographic Fingerprints

Cryptographic FingerprintsTake cryptographic fingerprints to make sure the artifact you qualify is the one you deploy

Learn more

Deployment Controls

Automate deployment controls to make sure only compliant software is running.

Learn more

Release Approvals

Generate release approvals from version control or Slack. Deploy without screenshots.

Learn more

Risk Controls

Take risk controls out of tickets and meetings and automate them in your CI pipelines.

Learn more

How does Kosli fit into our process?

Kosli doesn’t replace the tools in your software development process. It’s not a substitute for your CI server, or your internal developer platform. Instead, Kosli integrates with those tools and records what you do with them.

It gives you a provable record of every activity between commit and deploy so you can automate your change controls and generate an audit trail without manual evidence gathering.