A Flow records the journey from commit to production for a service or component. A Flow is where attestations for builds, pull requests, tests, security scans, etc are recorded.

Do all Flows cost $99? What do the discounts look like?

Paid Flows start at $99, but discounts start to kick in when you reach 50 Flows and become increasingly cheaper as you scale. Contact us for specifics on your needs.

What is an Environment Change?

An Environment Change is recorded with a snapshot whenever a deployment, termination or scaling event occurs in your runtime environment. This snapshot is sent to Kosli.

Why does Kosli record Environment Changes?

Environment Changes build a record of snapshots of how your runtimes are really changing. This record allows you to quickly identify unauthorized changes, and is the basis for your compliance and audit status.

What happens when I go over my Flows/Environment Change quota?

We’ll get in touch to discuss how to scale your plan to meet your needs.

What happens at the end of the 30 day free trial?

You can decide to proceed to a paid plan or scale back down to the Free tier.

Are all of the essential features available in the free tier?

Yes, all of Kosli’s key features for audit, compliance and security are available in the free tier.

When/Why would I need to upgrade from the Free Tier to the Pro?

You need to upgrade if you exceed 10 Flows, make more than 5,000 Environment Changes each month, or require longer than 90 days of data retention. Larger organizations with audit and compliance requirements usually start with a free trial of the Pro Plan.

Can I record Environment Changes and Flows in the Free Tier?

Yes, you can record up to 10 Flows and 5,000 Environment Changes each month.

Can I connect my Environment Changes to my Flows?

Yes, you can trace the changes made to your environments all the way back to the initial commit.

What does it mean to attest a Flow event?

It means that you choose to report to Kosli that a service or component has had an e.g. test or security scan, or anything else you wish to report from your CI process.

What about the actual results of the test or scan? Can I store those too?

Yes, you can store this evidence in Kosli’s Evidence Vault and link it to your attestation.

Why should I store my attestations and evidence in the Evidence Vault?

Kosli’s Evidence Vault is a secure, append-only data store that holds your data in a *tamper-evident* way. It gives you 3rd party proof that you’re following your process.

How do I access my data in the Evidence Vault?

There’s a link to the Evidence Vault next to the metadata for your artifacts in the Kosli app. Click and download.

Can I record a business process in Kosli?

Yes, for this we have the Audit Trail feature. An example of a business process that you might want to log in an Audit Trail is the provisioning and revoking of user accounts and access. You can store your Audit Trails in the Evidence Vault.

How does Kosli help me to pass a software audit?

For this we have an **Export to CSV** feature. Simply select the evidence you would like to export e.g. all deploys to production, choose a date range, and export your evidence in an auditor-friendly format. In the free tier data retention is limited to 90 days, so to export data older than that you should choose the Pro plan.

How does Kosli help me to prove compliance with my process?

By recording all the changes to your environments, and connecting them to all the events that happen in your Flows, Kosli gives you real time compliance status for all running artifacts. Is a component in production missing e.g. a unit test? Kosli will flag it up with a Notification. As with passing a software audit, proving compliance in the free tier is only possible within the last 90 days. For a longer compliance record you should choose the Pro plan.

How does Kosli help me with security?

By recording every change to your environments Kosli detects unauthorized workloads, off-pipeline changes, and malicious deployments, and can alert you to them with notifications.

What is a notification in Kosli?

Kosli can provide various notifications on events like deployments, compliance issues, and scaling events.

Does Kosli support the runtimes we use in our organization?

Yes, Kosli supports Kubernetes, AWS Lambda, S3 buckets, Azure and more.

What about the CI server we use?

We’re completely agnostic when it comes to your tool choices - Jenkins, Circle CI, Travis, Bitbucket - Kosli integrates with all of them.

What about my industry or standard?

Kosli works for teams in any industry (finance, health, automotive, etc) and also for compliance to any standard like ISO, SOC2, FedRamp, etc.

Does Kosli need access to my systems?

No, you install Kosli CLI to monitor, log, and ship information to Kosli

Do you have an on-prem option?

Yes, we realize some of our customers have a no-cloud policy, so on-prem is available for Enterprise customers.

Can you meet our specific data residency needs?

Yes, Enterprise customers can choose to have their data stored in a specific jurisdiction

Can I have annual billing?

Yes, this is available for Enterprise customers

Can I have Single Sign-On?

Yes, this is available for Pro and Enterprise customers.

Can I lock down Kosli access to my network?

Yes, for Enterprise customers we offer a managed single tenant option which can be restricted to your network environment.

Automate the collection, correlation, and storage of control evidence

Introducing Evidence Vault, unlock efficiency and compliance with total automation in your internal controls testing process. Create an accessible and transparent audit-trail - instantly. No more searching, and digging, save hours of manual work.

Book a Demo Try for free

Centralize the evidence gathering in one tool

Don’t spend time searching scattered information across your tools. Get a single pane view of all your hard-proof, securely store in Evidence Vault.

Release compliant software without risks or delays

Securely upload evidence files and attestations, generating an immutable, append-only repository of verifiable evidence.

Produce full audits with a simple export to CSV

Eliminate the highly-manual, burdensome, and ambiguous task of gathering evidence for internal controls testing. Focus on your core business, while going through audits.

Software delivery compliance and audit for any standard

What is Evidence Vault?

The Evidence Vault is an immutable, append-only repository of verifiable evidence. This innovation is the stepping-stone towards achieving total automation in the internal controls testing process.
With Evidence Vault you have the receipts, together with the corroborating evidence and a manifest of SHAs, proving all flow attestations and evidence. This means you’re ready to give a Great Answer to any question an auditor might have when they dig into your changes.

Try for free

Security and Transparency, in the core of Evidence Vault

Immutable and tamper-proof evidence storing

Collect and store all the proof you will need for an audit in Kosli’s secure, immutable and append-only database.

By calculating the fingerprint of the evidence you have in store, and comparing with the fingerprint of the evidence when it was reported, you know right away if it’s the same or if it has been manipulated.

Automate the collection of evidence for your software audit

Whether you need to collect proof of your unit tests or vulnerability tests, the evidence is collected automatically through your CI pipeline and is supplied against your artifact or even against the commit that produced your artifact.

Additionally, you can provide external links to canonical sources, and now you always know you have the full proof you need when it comes to audit time.

Cartoon characters celebrating in front of devops loop

Reduce cost and time by up to 95%

Internal controls testing is the most expensive part of any audit process where humans have to manually collect the evidence. This information is usually scattered across tools which makes it increasingly time consuming and costly.

With Kosli, all this information is collected and securely stored in our append-only database and can be easily exported with a click of a button (literally!) - and it is ready for the auditors.

Cartoon character in front of report documents

See how Evidence Vault works for your case

Book a demo

“We always know our compliance status in real time and that gives us a lot of freedom to deliver our changes”

Cato Auestad, Chief Technology Officer @Firi

View Firi’s customer story

“We didn’t spend any extra time gathering evidence manually because all of it had already been recorded in Kosli”

Øyvind Fanebust, Partner @Stacc

View Stacc's customer story

“We now have a central system of record where the auditor can see a complete audit trail of changes across multiple systems”

Alex Kantor, Director of Technology @Modulr

View Modulr's customer story

“We believe that DevOps is the key to our success, and in our industry being able to automate change management is an important part of our technical strategy”

Andreas Røe, Chief Technology Officer @ZTL

View ZTL's customer story

"Kosli doesn’t just help us to respond to incidents, it helps us to reduce their frequency"

Mark Martin, Sr. Director Platform Engineering @SolarWinds

View SolarWind's customer story

Collect and report evidence of any type

Snyk scan

Automatically report Snyk scan evidence on Kosli by using the flag --scan-results

Learn more

Release Approvals

Report JUnit test evidence for an artifact in a Kosli flow using the flag --results-dir

Learn more

Document

Upload and report any document that you need, from .xml to JSON format

Learn more

Not your typical security and compliance automation platform

With the Evidence Vault, Kosli takes a leap beyond other leading compliance solutions, addressing the pressing needs of software delivery compliance evaluations for standards including SOC2, ISO 27001, GDPR, PCI DSS, and more.

With Evidence Vault, you can provide proof at your code level. In combination with the Audit Trail, you can export the list of all deployments in a auditor-friendly format.