A Flow records the journey from commit to production for a service or component. A Flow is where attestations for builds, pull requests, tests, security scans, etc are recorded.

Do all Flows cost $99? What do the discounts look like?

Paid Flows start at $99, but discounts start to kick in when you reach 50 Flows and become increasingly cheaper as you scale. Contact us for specifics on your needs.

What is an Environment Change?

An Environment Change is recorded with a snapshot whenever a deployment, termination or scaling event occurs in your runtime environment. This snapshot is sent to Kosli.

Why does Kosli record Environment Changes?

Environment Changes build a record of snapshots of how your runtimes are really changing. This record allows you to quickly identify unauthorized changes, and is the basis for your compliance and audit status.

What happens when I go over my Flows/Environment Change quota?

We’ll get in touch to discuss how to scale your plan to meet your needs.

What happens at the end of the 30 day free trial?

You can decide to proceed to a paid plan or scale back down to the Free tier.

Are all of the essential features available in the free tier?

Yes, all of Kosli’s key features for audit, compliance and security are available in the free tier.

When/Why would I need to upgrade from the Free Tier to the Pro?

You need to upgrade if you exceed 10 Flows, make more than 5,000 Environment Changes each month, or require longer than 90 days of data retention. Larger organizations with audit and compliance requirements usually start with a free trial of the Pro Plan.

Can I record Environment Changes and Flows in the Free Tier?

Yes, you can record up to 10 Flows and 5,000 Environment Changes each month.

Can I connect my Environment Changes to my Flows?

Yes, you can trace the changes made to your environments all the way back to the initial commit.

What does it mean to attest a Flow event?

It means that you choose to report to Kosli that a service or component has had an e.g. test or security scan, or anything else you wish to report from your CI process.

What about the actual results of the test or scan? Can I store those too?

Yes, you can store this evidence in Kosli’s Evidence Vault and link it to your attestation.

Why should I store my attestations and evidence in the Evidence Vault?

Kosli’s Evidence Vault is a secure, append-only data store that holds your data in a *tamper-evident* way. It gives you 3rd party proof that you’re following your process.

How do I access my data in the Evidence Vault?

There’s a link to the Evidence Vault next to the metadata for your artifacts in the Kosli app. Click and download.

Can I record a business process in Kosli?

Yes, for this we have the Audit Trail feature. An example of a business process that you might want to log in an Audit Trail is the provisioning and revoking of user accounts and access. You can store your Audit Trails in the Evidence Vault.

How does Kosli help me to pass a software audit?

For this we have an **Export to CSV** feature. Simply select the evidence you would like to export e.g. all deploys to production, choose a date range, and export your evidence in an auditor-friendly format. In the free tier data retention is limited to 90 days, so to export data older than that you should choose the Pro plan.

How does Kosli help me to prove compliance with my process?

By recording all the changes to your environments, and connecting them to all the events that happen in your Flows, Kosli gives you real time compliance status for all running artifacts. Is a component in production missing e.g. a unit test? Kosli will flag it up with a Notification. As with passing a software audit, proving compliance in the free tier is only possible within the last 90 days. For a longer compliance record you should choose the Pro plan.

How does Kosli help me with security?

By recording every change to your environments Kosli detects unauthorized workloads, off-pipeline changes, and malicious deployments, and can alert you to them with notifications.

What is a notification in Kosli?

Kosli can provide various notifications on events like deployments, compliance issues, and scaling events.

Does Kosli support the runtimes we use in our organization?

Yes, Kosli supports Kubernetes, AWS Lambda, S3 buckets, Azure and more.

What about the CI server we use?

We’re completely agnostic when it comes to your tool choices - Jenkins, Circle CI, Travis, Bitbucket - Kosli integrates with all of them.

What about my industry or standard?

Kosli works for teams in any industry (finance, health, automotive, etc) and also for compliance to any standard like ISO, SOC2, FedRamp, etc.

Does Kosli need access to my systems?

No, you install Kosli CLI to monitor, log, and ship information to Kosli

Do you have an on-prem option?

Yes, we realize some of our customers have a no-cloud policy, so on-prem is available for Enterprise customers.

Can you meet our specific data residency needs?

Yes, Enterprise customers can choose to have their data stored in a specific jurisdiction

Can I have annual billing?

Yes, this is available for Enterprise customers

Can I have Single Sign-On?

Yes, this is available for Pro and Enterprise customers.

Can I lock down Kosli access to my network?

Yes, for Enterprise customers we offer a managed single tenant option which can be restricted to your network environment.

Automated audit trails for your software and infrastructure pipelines

Your software is constantly changing, but your release and audit processes are still manual and risky. Record every change with Kosli Flows and deliver with maximum speed and automated compliance.

Book a Demo Try for free

Record every CI pipeline event from commit to production

Continuous compliance for your SDLC with an automated record of every build, test, security scan, pull request, and more. No more tickets, screenshots, or spreadsheets.

Record every Infrastructure as Code workflow

Continuous compliance for your IaC changes with an automated trail from source, plan, approval and roll-out. No more digging through logs, repos, or cloud consoles.

Record audit trails for critical business processes

Because there’s more to software compliance than code changes. With Kosli Flows you can record feature toggles, user account provisioning, config changes and more.

Kosli supports audit, compliance, and security for any industry standard

What is a Flow?

A Flow is a unified store for any value stream. So whether you want to record software changes from requirement to production, terraform IaC workflows, or even custom business processes, Kosli has easy-to-use tools that drop into your tools and scripts.

No matter how fast you go, you always have control over compliance, security and audit.

Learn more about Flows

Record, connect, search, prove! Never waste another minute digging for logs, screenshots and paperwork

Ensure continuous compliance to your secure SDLC

Does every change in production have code review? Has every workload been scanned for vulnerabilities? Have new pipelines been created that don’t follow our SDLC? Get immediate answers to these questions with Kosli.

Deliver faster with compliance built in to every commit

Reactive manual gates slow down your delivery process and create bigger, riskier changes.

With compliance automation, every change is compliant by design with zero-trust, enabling you to ship with confidence.

A Unified Data Platform for every change

How many deployments did we do last week? How long does it take from commit to production? Which of our systems has CVE’s over 7.5? This data is hidden across tools, pipelines and teams, making improvement impossible.

With Kosli you get a unified data platform providing real-time observability across CI systems, devops tools, and production runtimes.

See how Kosli flows can work for your team

Book a demo

“We always know our compliance status in real time and that gives us a lot of freedom to deliver our changes”

Cato Auestad, Chief Technology Officer @Firi

View Firi’s customer story

“We didn’t spend any extra time gathering evidence manually because all of it had already been recorded in Kosli”

Øyvind Fanebust, Partner @Stacc

View Stacc's customer story

“We now have a central system of record where the auditor can see a complete audit trail of changes across multiple systems”

Alex Kantor, Director of Technology @Modulr

View Modulr's customer story

“We believe that DevOps is the key to our success, and in our industry being able to automate change management is an important part of our technical strategy”

Andreas Røe, Chief Technology Officer @ZTL

View ZTL's customer story

"Kosli doesn’t just help us to respond to incidents, it helps us to reduce their frequency"

Mark Martin, Sr. Director Platform Engineering @SolarWinds

View SolarWind's customer story

Record the complete timeline for every change

Cryptographic Fingerprints

Take cryptographic fingerprints to make sure the artifact you qualify is the one you deploy

Learn more

Deployment Controls

Automate deployment controls to make sure only compliant software is running

Learn more

Release Approvals

Generate release approvals from version control or Slack. Deploy without screenshots.

Learn more

Risk Controls

Take risk controls out of tickets and meetings and automate them in your CI pipelines.

Learn more

Attestations

Record Git commit info, Artifact sha, Build url & more to achieve Binary Provenance

Learn more

Software regualtions, NIST, SOCII, HIPPA, FedRAMP, ISO, PCIDSS, SCF, FDA, IEC, ISAE

Not your typical security and compliance automation platform

With Flows, Kosli takes a leap beyond other leading compliance solutions, addressing the pressing needs of software delivery compliance evaluations for standards including SOC2, ISO 27001, GDPR, PCI DSS, and more.

With FLows, you can record the proof at your code level. In combination with Evidence Vault and Audit Trail, you can export the list of all deployments in a auditor-friendly format.