The kosli attest generic CLI command can attest anything, but unlike a “typed” attestation (such as kosli attest snyk), it does not calculate a true/false compliance value for you. Customers have reported that while a generic “escape hatch” is useful, it nevertheless has some drawbacks: It can take some effort to calculate a true/false value in some cases. It would be nice to split generic attestations into different types. Most importantly, many customers would prefer it if Kosli cal...| Blog | Kosli on Kosli - Make Friends with Change
Introducing kosli attest custom—a powerful new way to define and automate compliance attestations in Kosli. Unlike generic attestations, custom attestations allow you to create reusable types, and enforce compliance rules with schemas and jq expressions. Importantly, they allow Kosli to calculate all true/false compliance values as part of a zero trust model. Learn how to implement custom attestations in your CI workflow with real-world examples from Cyber-Dojo’s differ microservice.
All but one of the kosli attest commands calculate the true/false compliance value for you based on their type. For example, kosli attest snyk can read the SARIF output file produced by a Snyk scan. The one that doesn’t is kosli attest generic, which is “type-less”. It can attest anything, but Kosli cannot calculate a true/false compliance value for you. Often the tool you are using can generate the true/false value, which is then easy to capture.
The heart of Kosli’s functionality lies in its attest command. Think of it as a digital notary for your CI process. Every time you complete a significant step in your pipeline (e.g., a security scan, a build, a deployment, etc.) you use kosli attest to create an immutable record of that event. However, integrating Kosli into your existing CI workflow isn’t always straightforward. You might find yourself grappling with questions like: