Built for compliance and security

Kosli has been built to seamlessly integrate into your DevOps workflows and start recording and securely storing all your software changes from your CI pipelines, runtime environments and infrastructure. Ensure compliance, security and observability across your teams and projects.

Request a demo Start for free

Record environment changes

Automatically run a regular job to query each environment, recording real-time data on how they change.

Your environment data is stored in a secure append-only database using a unique content based ID for each running artifact (eg. docker image digest).

Record pipeline events

Report every CI pipeline event of interest (builds, security scans, test results, approvals, deployments, etc.) to record real-time data on what happens to your software.

Your pipeline data is stored in a secure append-only database using the git commit or artifact SHA as the unique ID for each event.

Query anything!

Kosli can tell you what’s running in any environment now, in the past, and how it has changed

Kosli can tell you the complete history of builds, tests, approvals, and deployments across all your pipelines

All this data is avalible in your browser and from your command line.

Kosli concepts - Recording your SDLC for audit, compliance and security

Attestation: a record of a fact you care about

Examples:

This build in CI pipeline | in Kosli
This test execution in CI pipeline | in Kosli
This security scan in CI pipeline | in Kosli
This deployment approved in CI pipeline
This pull request in CI pipeline | in Kosli

Trail: a chain of related attestations

Examples:

This CI run example
This journey to production
This terraform workflow example
This server access
This cron job in CI pipeline | in Kosli
This employee’s offboarding

Flow: a collection of trails for a given process

Examples:

CI/CD runs for Payments api service
Terraform workflows for production account example
JIRA ticket development work
Feature flag changes

Snapshot: a record of the artifacts in a runtime system at a point in time

Examples:

The running artifacts in a AWS ECS namespace example
The running pods in a k8s cluster
The terraform state files in an S3 bucket
The functions in AWS Lambda
The files in a directory

Environment: a history of snapshots for a runtime system over time

Examples:

How this k8s cluster changes example
How this S3 bucket changes
How this directory changes
How this lambda changes

Action: trigger external systems based on changes

Examples:

Send a slack message when a deployment is detected
Start a CI process when an environment changes
Open an incident ticket when an unexpected change occurs

Get continuous compliance with DevOps Change Management

Artifact Provenance

Kosli uses cryptographic fingerprinting to record a tamper-proof identity for every artifact in your controlled build process

View Binary Provenance docs >

Risk Controls as Code

Kosli logs the evidence from each step in your software development life cycle, building an audit trail of risk controls for each artifact

Release Approvals

With Kosli you can generate release approvals via version control, CI, or even Slack events. Compliant deploys without the ceremony

View Release Approvals docs >

Diagram comparing human in the loop vs Kosli approvals without the paperwork

Deployment Controls

Automatically ensure only compliant software is deployed by verifying binary provenance, risk controls, and approvals as part of your deployment process

Deployment Logs

Record every change to every environment in a fully auditable environment log

View Deployment Logs docs >

Environment Reports

Real-time reporting from operations provides full observability over what’s really running in production. A complete history of change that’s instantly available

Bringing Dev and Ops closer together

DevOps Freedom

Kosli frees regulated teams to deliver at the speed of DevOps, with any tools, in any industry, for any standard.

Technical documentation >

Compliance and Speed

Kosli maintains Continuous Compliance at high rates of change by automating change management in your DevOps.

Technical documentation >

4D Observability

Kosli can tell you what’s in production, how it got there, and if it’s compliant – for any point in time.

Book a live demo >

“We always know our compliance status in real time and that gives us a lot of freedom to deliver our changes”

Cato Auestad, Chief Technology Officer @Firi

View Firi’s customer story

“We didn’t spend any extra time gathering evidence manually because all of it had already been recorded in Kosli”

Øyvind Fanebust, Partner @Stacc

View Stacc's customer story

“We now have a central system of record where the auditor can see a complete audit trail of changes across multiple systems”

Alex Kantor, Director of Technology @Modulr

View Modulr's customer story

“We believe that DevOps is the key to our success, and in our industry being able to automate change management is an important part of our technical strategy”

Andreas Røe, Chief Technology Officer @ZTL

View ZTL's customer story