A Flow records the journey from commit to production for a service or component. A Flow is where attestations for builds, pull requests, tests, security scans, etc are recorded.

Do all Flows cost $99? What do the discounts look like?

Paid Flows start at $99, but discounts start to kick in when you reach 50 Flows and become increasingly cheaper as you scale. Contact us for specifics on your needs.

What is an Environment Change?

An Environment Change is recorded with a snapshot whenever a deployment, termination or scaling event occurs in your runtime environment. This snapshot is sent to Kosli.

Why does Kosli record Environment Changes?

Environment Changes build a record of snapshots of how your runtimes are really changing. This record allows you to quickly identify unauthorized changes, and is the basis for your compliance and audit status.

What happens when I go over my Flows/Environment Change quota?

We’ll get in touch to discuss how to scale your plan to meet your needs.

What happens at the end of the 30 day free trial?

You can decide to proceed to a paid plan or scale back down to the Free tier.

Are all of the essential features available in the free tier?

Yes, all of Kosli’s key features for audit, compliance and security are available in the free tier.

When/Why would I need to upgrade from the Free Tier to the Pro?

You need to upgrade if you exceed 10 Flows, make more than 5,000 Environment Changes each month, or require longer than 90 days of data retention. Larger organizations with audit and compliance requirements usually start with a free trial of the Pro Plan.

Can I record Environment Changes and Flows in the Free Tier?

Yes, you can record up to 10 Flows and 5,000 Environment Changes each month.

Can I connect my Environment Changes to my Flows?

Yes, you can trace the changes made to your environments all the way back to the initial commit.

What does it mean to attest a Flow event?

It means that you choose to report to Kosli that a service or component has had an e.g. test or security scan, or anything else you wish to report from your CI process.

What about the actual results of the test or scan? Can I store those too?

Yes, you can store this evidence in Kosli’s Evidence Vault and link it to your attestation.

Why should I store my attestations and evidence in the Evidence Vault?

Kosli’s Evidence Vault is a secure, append-only data store that holds your data in a *tamper-evident* way. It gives you 3rd party proof that you’re following your process.

How do I access my data in the Evidence Vault?

There’s a link to the Evidence Vault next to the metadata for your artifacts in the Kosli app. Click and download.

Can I record a business process in Kosli?

Yes, for this we have the Audit Trail feature. An example of a business process that you might want to log in an Audit Trail is the provisioning and revoking of user accounts and access. You can store your Audit Trails in the Evidence Vault.

How does Kosli help me to pass a software audit?

For this we have an **Export to CSV** feature. Simply select the evidence you would like to export e.g. all deploys to production, choose a date range, and export your evidence in an auditor-friendly format. In the free tier data retention is limited to 90 days, so to export data older than that you should choose the Pro plan.

How does Kosli help me to prove compliance with my process?

By recording all the changes to your environments, and connecting them to all the events that happen in your Flows, Kosli gives you real time compliance status for all running artifacts. Is a component in production missing e.g. a unit test? Kosli will flag it up with a Notification. As with passing a software audit, proving compliance in the free tier is only possible within the last 90 days. For a longer compliance record you should choose the Pro plan.

How does Kosli help me with security?

By recording every change to your environments Kosli detects unauthorized workloads, off-pipeline changes, and malicious deployments, and can alert you to them with notifications.

What is a notification in Kosli?

Kosli can provide various notifications on events like deployments, compliance issues, and scaling events.

Does Kosli support the runtimes we use in our organization?

Yes, Kosli supports Kubernetes, AWS Lambda, S3 buckets, Azure and more.

What about the CI server we use?

We’re completely agnostic when it comes to your tool choices - Jenkins, Circle CI, Travis, Bitbucket - Kosli integrates with all of them.

What about my industry or standard?

Kosli works for teams in any industry (finance, health, automotive, etc) and also for compliance to any standard like ISO, SOC2, FedRamp, etc.

Does Kosli need access to my systems?

No, you install Kosli CLI to monitor, log, and ship information to Kosli

Do you have an on-prem option?

Yes, we realize some of our customers have a no-cloud policy, so on-prem is available for Enterprise customers.

Can you meet our specific data residency needs?

Yes, Enterprise customers can choose to have their data stored in a specific jurisdiction

Can I have annual billing?

Yes, this is available for Enterprise customers

Can I have Single Sign-On?

Yes, this is available for Pro and Enterprise customers.

Can I lock down Kosli access to my network?

Yes, for Enterprise customers we offer a managed single tenant option which can be restricted to your network environment.

Continuous runtime monitoring for secure environments

When runtime environments are constantly changing it’s really difficult to know your compliance and security status. Kosli records every change to your environments, so you always know exactly what’s running.

Book a Demo Try for free

Continuous compliance for your runtimes

Changes can sometimes sneak past change management processes. Get alerts for any non-compliant changes in prod that are missing tests, scans, or pull requests.

Get alerts for off-pipeline or malicious deployments

Golden paths to production are no guarantee that runtimes are secure. Get instant notifications for unauthorized changes made innocently or by bad actors.

Respond to incidents quickly with environment diffs

Figuring out what broke your env doesn’t need to rely on digging in dashboards and logs. Diff your environment history to quickly find the change you need.

Secure runtimes for compliance with any standard

What is an Environment in Kosli?

In Kosli, an environment is any runtime that can be said to contain one or many artifacts. An environment could be a Kubernetes or ECS cluster, a Docker host, a Lambda or S3 bucket, or even just a file or directory on disk. You may have several environment types and Kosli supports all of them. Whenever a change is detected in your environment, a snapshot of all running artifacts is sent to Kosli to record the history of how that environment is changing.

Lean more

Continuous Compliance is for teams who need to prove their SDLC is being followed

Know exactly what’s in prod and where it came from

It’s hard to get real time compliance and security status for environments when they’re constantly changing. Do you even know what’s running right now?

Kosli solves this for you by taking a snapshot of everything running in an environment every time a change is made. It traces those changes all the way back to their original commits, so you can know exactly where your changes have come from.

Kosli environment snapshot to git commit

Don’t bet your security on locking down supply chain

There’s a lot of cybersecurity tools and processes that focus on ensuring the supply chain. Secure base images, SBOMs, and Golden Paths are all enhancements - but they don’t guarantee security in production. With Kosli you can be absolutely sure about the software you have running in production because it detects and notifies you of *every* change to runtime - including off-pipeline changes and malicious deploys.

Version controlled environment history for rapid response

How long does it take you to figure out which change took down your environment? Lots of digging in APM dashes and deployment logs?

Because Kosli takes a snapshot every time a change happens, you quickly build up a version controlled history of your environment that you can diff with simple commands. Pinpoint the change that broke everything without a fuss.

kosli incident management with slack notification

Discover how your environments are changing with Kosli

Book a demo

“We always know our compliance status in real time and that gives us a lot of freedom to deliver our changes”

Cato Auestad, Chief Technology Officer @Firi

View Firi’s customer story

“We didn’t spend any extra time gathering evidence manually because all of it had already been recorded in Kosli”

Øyvind Fanebust, Partner @Stacc

View Stacc's customer story

“We now have a central system of record where the auditor can see a complete audit trail of changes across multiple systems”

Alex Kantor, Director of Technology @Modulr

View Modulr's customer story

“We believe that DevOps is the key to our success, and in our industry being able to automate change management is an important part of our technical strategy”

Andreas Røe, Chief Technology Officer @ZTL

View ZTL's customer story

"Kosli doesn’t just help us to respond to incidents, it helps us to reduce their frequency"

Mark Martin, Sr. Director Platform Engineering @SolarWinds

View SolarWind's customer story

How it works

Cryptographic Fingerprints

Cryptographic FingerprintsTake cryptographic fingerprints to make sure the artifact you qualify is the one you deploy

Learn more

Deployment Controls

Automate deployment controls to make sure only compliant software is running.

Learn more

Release Approvals

Generate release approvals from version control or Slack. Deploy without screenshots.

Learn more

Risk Controls

Take risk controls out of tickets and meetings and automate them in your CI pipelines.

Learn more

How does Kosli fit into our process?

Kosli doesn’t replace the tools in your software development process. It’s not a substitute for your CI server, or your internal developer platform. Instead, Kosli integrates with those tools and records what you do with them.

It gives you a provable record of every activity between commit and deploy so you can automate your change controls and generate an audit trail without manual evidence gathering.