Welcome to the Kosli blog: the shooting start of all news on DevOps, automation, continuous compliance and change management.| Kosli
Another month another changelog packed with updates that improve the functionality of the platform and enhance user experience. As always, we’d love to hear your comments and feedback on the updates we provide regularly. Share them in our Slack Community or reach out to the support team at support@kosli.com New static API documentation You can now access a static version of the API reference documentation in Kosli docs. The interactive swagger API docs remain available within the app, acce...| Blog | Kosli on Kosli - Make Friends with Change
“What’s really running in prod?” Every engineer will hear these immortal words on a long enough timeline (or career). It might be because a new security zero day was dropped, alerts fired from the depths of a vast microservice architecture, or you might just be looking to know what commit was actually tested. Either way, it often comes with the promise of a stressful day. Let’s demystify three critical concepts for delivering secure, reliable software: binary provenance, software ...| Blog | Kosli on Kosli - Make Friends with Change
With software delivery, speed is everything. But how do you balance rapid delivery with quality, security, and compliance? To answer this question, let’s embark on a journey - one that starts in a software factory to running on the production superhighway. From Factory Floor to Open Road Gene Kim’s “The Phoenix Project” introduced us to the software factory, applying lean manufacturing principles to code production. But what happens next? DevOps orchestrates a vast network of these so...| Blog | Kosli on Kosli - Make Friends with Change
Like many software teams, here at Kosli we use a continuous delivery approach. This means that every commit to our trunk is automatically built, tested, and deployed to our production-like staging environment. This provides us with the confidence that every build is potentially deployable to production. We use our staging environment to perform final exploratory testing before we deploy to production. Deployments to production are “on-demand”. Any developer on the team can deploy the curr...| Blog | Kosli on Kosli - Make Friends with Change
Welcome to October’s edition of the Kosli Changelog. The season might be spooky, but the product updates we delivered this month are far from it. Quality over quantity is the motto for this month, with the updates focusing on logical environments and taking snapshots of all ECS clusters in an AWS account. As always, get involved with how Kosli takes shape in our Slack Community. Let a real environment say that it is part of a logical environment Option for a physical environment to say it i...| Blog | Kosli on Kosli - Make Friends with Change
We are excited to announce that we will be migrating your Kosli Flows data to Flows with Trails. This transition will unlock access to our latest features, such as the first-class Sonar integration, as well as upcoming ones like environment compliance policies and custom attestation types. Legacy Flows have served us well in the early stages, where they were designed to map the value stream of producing a single software artifact.| Blog | Kosli on Kosli - Make Friends with Change
The heart of Kosli’s functionality lies in its attest command. Think of it as a digital notary for your CI process. Every time you complete a significant step in your pipeline (e.g., a security scan, a build, a deployment, etc) you use kosli attest to create an immutable record of that event. However, integrating Kosli into your existing CI workflow isn’t always straightforward. You might find yourself grappling with questions like:| Blog | Kosli on Kosli - Make Friends with Change
We’re thrilled to introduce our latest integration with LaunchDarkly! This powerful combination allows you to keep an immutable record of all changes made to your feature flags using Kosli Trails, ensuring you have the information you need for audits, compliance checks, security investigations, and incident responses. What This Integration Does With the Kosli and LaunchDarkly integration, every change to your feature flags is captured and recorded within Kosli. You’ll get a detailed, vers...| Blog | Kosli on Kosli - Make Friends with Change
Welcome to September’s edition of the Kosli Changelog. As we brace ourselves for a wet and wild autumn our focus remains sharp on delivering updates that enhance the compliance of your software delivery processes. This month, we’ve rolled out an exciting new integration, features and UX/UI improvements that we can’t wait for you to explore. As always, get involved with how Kosli takes shape in our Community. LaunchDarkly Integration We’re excited to announce our new integration with L...| Blog | Kosli on Kosli - Make Friends with Change
In today’s fast-paced development landscape, environments are no longer simple or isolated. You’re managing resources that span across development stages, geographies, and technologies. And as those environments grow more complex, so does the need for a more logical and efficient way to manage them. That’s why we’re excited to introduce Logical Environments — a powerful new feature designed to give you the ultimate control and clarity over your multi-resource, distributed environments.| Blog | Kosli on Kosli - Make Friends with Change
Static code analysis is an important part of testing your software to ensure it is release-ready. In contrast to dynamic testing, which involves executing your code to find errors, static analysis uses automated tools to “look” through the code, without executing it, to find potential errors (including potential security issues) and bugs. Since the code does not need to be executed, static testing can begin much earlier in development than dynamic testing.| Blog | Kosli on Kosli - Make Friends with Change
This month we are happy to announce that the logical environments feature is now live! This has been a big project for the team and we’re delighted to deliver it this month. Logical environments will enable you to group environments of different types so you can have a picture of what’s really happening in “Production” - or any other grouping you choose to make. Another neat addition is the ability to auto-create the flow and trail in attest commands.| Blog | Kosli on Kosli - Make Friends with Change
The DevOps Detective: “Just the facts” Picture a gruff-voiced sergeant from the classic TV series “Dragnet,” but instead of solving crimes, they are navigating the complex world of software delivery. Their catchphrase, “Just the facts” isn’t just a catch phrase – it’s the mantra we need in today’s high-stakes world of DevOps, AppSec and Compliance. From Punch Cards to Pixels: The Evolution of Software Governance Remember punch cards? If you don’t, count yourself lucky.| Blog | Kosli on Kosli - Make Friends with Change
In our journey through the evolution of compliance in the DevOps era, we’ve seen the limitations of traditional compliance methods and the high stakes of compliance failures. Manual processes, siloed teams, and a lack of automation have turned compliance into a bottleneck, hindering the agility promised by DevOps. In this third article, we’ll trace the roots of DevOps back to lean manufacturing principles and introduce the concept of the “software factory” as a revolutionary approach ...| Blog | Kosli on Kosli - Make Friends with Change
In our previous exploration of The Punchcard Paradigm, we traced the roots of modern compliance practices back to the early days of computing. We saw how the physical constraints of punchcards shaped programming practices and how those practices lingered long after the technology had evolved. Now, let’s dive deeper into why modern compliance is more critical than ever in today’s digital landscape. Why Compliance Matters At its core, compliance is about ensuring the reliability, security, a...| Blog | Kosli on Kosli - Make Friends with Change
Welcome to July’s edition of the Kosli Changelog. This month, we’re excited to introduce our latest updates and improvements designed to enhance your software evidence management experience. So if you haven’t reached for the beach towel and sun cream yet, read on to discover all the new enhancements we’ve rolled out! 💻 Slack integration now available in Kosli app We’re excited to announce that Slack integration has now been added to the Kosli app. This feature allows you to automate ...| Blog | Kosli on Kosli - Make Friends with Change
In the early days of computing, creating software was a physical act, more akin to factory work than the streamlined digital process we know today. Programmers meticulously transcribed logic onto coding sheets, distinguishing zeros from ‘Os’ and ones from ‘Is’. These cryptic symbols formed the instructions that would be punched into thick card stock decks. It was a laborious process that resembled typing pools, but it offered an important quality checkpoint – the ability to visually...| Blog | Kosli on Kosli - Make Friends with Change
June is here and the beer garden is calling our name, but that hasn’t stopped us shipping some great new improvements this month. We have a few new features and quality of life enhancements on our UX and UI that we think you’ll like, including our new Dashboards, available now in Beta! 📊 Dashboards Beta is now live Kosli introduces the Organization Dashboard, offering leadership a comprehensive view of compliance metrics.| Blog | Kosli on Kosli - Make Friends with Change
We are thrilled to announce a strategic partnership between Kosli and Swiss Digital Network (SDN). This collaboration is set to revolutionize how Swiss organizations approach Continuous Compliance and Verification, combining the strengths of both companies to enable regulated sectors like finance and healthcare to deliver software with security, compliance, and speed. About Swiss Digital Network Swiss Digital Network is a leading consulting network known for its expertise in digit...| Blog | Kosli on Kosli - Make Friends with Change
We’ve kept ourselves busy this April, in spite of the holidays and the call of the sunny outdoors. This month, Kosli has been improved with a number of new features and quality of life enhancements that we think you’ll like. Add support for AWS Code Build environment default variables in the cli If you use AWS Code Build as your CI system, Kosli CLI (starting from v2.9.1) will default the following flag values for you:| Blog | Kosli on Kosli - Make Friends with Change
One of the big things we’ve learned since starting Kosli is that engineers often struggle to define an SDLC for compliance purposes. That doesn’t mean they don’t know how to deliver secure, quality software. They’ve just never had to actually define a process for how they do it. Perfectly capable engineers can spend years shipping great products and features without ever having to properly define and standardize their SDLC. But that changes when they move into a regulated industry, or...| Blog | Kosli on Kosli - Make Friends with Change
Spring is definitely here! Northern Europe is starting to thaw and the sun is making the occasional appearance. Here’s some of the latest changes we’ve prepared for you. Tags for Flows & Environments Meet Tags - enabling you to add metadata to your Kosli Environments and Flows. Using the latest v2.8.8 of the CLI you can add key/value pairs to Flows or Environments. You can see these tags over on the public cyber-dojo project in Kosli: https://app.| Blog | Kosli on Kosli - Make Friends with Change
Every software purchasing decision has a security impact, and with information security threats on the rise, companies are increasingly concerned about third party vendor risks. That’s why for companies to sell software these days it is no longer enough to be secure, you also need to be able to prove it. Over the last year or so we’ve noticed an increasing expectation that software companies, even SMEs and startups, should be SOC 2 compliant.| Blog | Kosli on Kosli - Make Friends with Change
In this article I’m going to introduce Kosli Trails. This is a new feature that allows you to record an audit trail for any DevOps process. It’s already in production and being used to record Terraform pipelines, CI processes, server access, feature toggles, and more. How it all started - change management for DevOps Like most software startups, in Kosli’s early stage, we focused on solving a narrow problem: we wanted to solve change management for regulated software teams by recordin...| Blog | Kosli on Kosli - Make Friends with Change
Infrastructure as Code (IaC) has emerged as a cornerstone for efficiently managing and provisioning infrastructure. Among the many tools available, Terraform has gained unparalleled popularity, offering a declarative approach to defining and deploying infrastructure. But as organizations increasingly embrace IaC to achieve scalability, consistency, and agility, a critical challenge emerges: how to ensure compliance and authorization for infrastructure changes. With rapid and dynamic transfo...| Blog | Kosli on Kosli - Make Friends with Change
It’s already March, the sun is starting to show up again here in Northern Europe, the snow is melting away, and the Kosli team has been hard at work, making good use of that extra leap day in February! This month we are delivering some performance improvements, some updates to existing features, and some exciting new features. Introducing Trails We noticed that some of our customers were creating “fake” artifacts so they could keep records for critical changes outside of pipelines.| Blog | Kosli on Kosli - Make Friends with Change
We are thrilled to announce that Kosli has successfully completed a SOC 2 Type 2 audit, demonstrating our commitment to the security, quality, and operational excellence our customers expect. This achievement builds upon our existing SOC 2 Type 1 compliance, further solidifying our dedication to robust security practices. What is SOC 2 Type 2 Compliance? A SOC 2 Type 2 report goes beyond simply documenting security policies and procedures. It involves an independent audit that verifies the ef...| Blog | Kosli on Kosli - Make Friends with Change
The Kosli team starts the new year with endless energy and some exciting news for you! This month, we’ve delivered not only bug fixes and performance improvements but also a couple of highly requested features. More details about them are provided further in the post. Rename flows and environments Long awaited feature to rename flows and environments is now available in CLI v2.7.3 and later, and also in the API.| Blog | Kosli on Kosli - Make Friends with Change
DevOps teams play an increasingly important role in all types of software companies. From legacy organizations to cloud-native startups, the DORA metrics tell us that the performance of the DevOps team correlates very closely with the overall success of the business. But, as DevOps starts to be adopted across highly regulated industries, we no longer live in a world where it’s ok to “move fast and break things.” For banks, healthcare companies, car manufacturers, etc.| Blog | Kosli on Kosli - Make Friends with Change
Kosli allows regulated organizations to scale their continuous delivery so that they can deploy changes to production at maximum speed without the risk of non-compliance. It does this by recording all of the data you need to get through regulatory events like audits. With Kosli you can record everything that happens in your software delivery process from initial requirement all the way through to deployment to production. Events like builds, tests, scans, code reviews, etc.| Blog | Kosli on Kosli - Make Friends with Change
The DevOps Change Management Content Hub is a set of resources for modern software teams who struggle to align their DevOps automation with their change management requirements. In our experience, cloud native teams with lots of automation struggle when they run into a compliance event like an audit, or need to achieve a security standard like SOC2 or ISO27001. How do you comply without adopting old fashioned change management practices and screwing up your DevOps?| Blog | Kosli on Kosli - Make Friends with Change
The Continuous Compliance content hub is a set of guides for DevOps teams who need to move fast while remaining in compliance for audit and security purposes. We know that the old change management processes for software releases that happened once every 6 months don’t scale for DevOps teams who want to deploy every day. This is where Continuous Compliance comes in. You can deploy software freely to production with compliance baked into every change and these resources are designed to help ...| Blog | Kosli on Kosli - Make Friends with Change
DevOps has accelerated the delivery of software, but it has also made it more difficult to stay on top of compliance issues and security threats. When applications, environments and infrastructure are constantly changing it becomes increasingly difficult to maintain a handle on compliance and security. For fast-moving teams, real time security monitoring has become essential for quickly identifying risky changes so they can be remediated before they result in security failure.| Blog | Kosli on Kosli - Make Friends with Change
Modern software delivery teams find themselves under constant pressure to maintain security and compliance without slowing down the speed of development. This usually means that they have to find a way of using automation to ensure robust governance processes that can adapt to evolving cyber threats and new regulatory requirements. Achieving compliance with ISO 27001, an international standard for information security management, is one of the clearest ways for companies to signal that they t...| Blog | Kosli on Kosli - Make Friends with Change
Over the last two to three years, we’ve seen increasing demands on all kinds of software companies to comply with security and compliance standards. More and more organizations are looking to benefit by moving their operations to the cloud, but this increases the potential for cybersecurity attacks and breaches. A new type of compliance vendor has emerged to help companies that must comply with the security standards designed to ward off cybersecurity threats.| Blog | Kosli on Kosli - Make Friends with Change
Christmas is around the corner and like many we at Kosli are also looking forward to the upcoming holiday break. So we will share the December changelog with you a bit earlier than usual. This month we have done a lot of work on improving code quality and security, and we continue working on some cool big features that you will see soon. But in the meantime, here are some Christmas goodies for December 🎅| Blog | Kosli on Kosli - Make Friends with Change
As the year comes to an end, we are taking a look back on the major data breaches and vulnerabilities that disrupted the security of both small, and large and very important organizations around the world and across all industries. According to a recently published report: in the first three quarters of 2023, the number of ransomware attacks increased by almost 70% compared to the first three quarters of 2022 and over 80% of data breaches involved data stored in the cloud.| Blog | Kosli on Kosli - Make Friends with Change
In this blog post, I take a look at modern IT governance by applying the classic “Three Ways” of DevOps principles originally introduced by Gene Kim in his seminal 2012 article. “We assert that the Three Ways describe the values and philosophies that frame the processes, procedures, practices of DevOps, as well as the prescriptive steps.” Here’s a quick reminder of the three ways set out by Gene: The First Way: Flow/Systems Thinking The Second Way: Amplify Feedback Loops The Third ...| Blog | Kosli on Kosli - Make Friends with Change
Let’s not beat around the bush: change management is a prehistoric discipline desperately in need of fresh thinking. Its “best practices” are frankly terrible. Nobody honestly thinks manually filling out change tickets, waiting for CAB meetings and external approvals does anything to meaningfully reduce risk. Change management is slow, inconsistent, doesn’t scale, and is prone to error. Of course, lots of teams know this and more and more of them are delivering change via automated appro...| Blog | Kosli on Kosli - Make Friends with Change
*Disclaimer: The complete Backstage guide is open sourced on Github and you can suggest changes to the content if you know it needs updates. We continuously review the pull requests and improve the content based on your feedback.* Backstage, a development portal, allows developers to maintain constant vigilance over the health of their networks and services, no matter where they are deployed. This is invaluable to teams, as many different deployments across different environments need to be ...| Blog | Kosli on Kosli - Make Friends with Change
November has been a busy month for our team as we dive deep into crafting a new big feature. But in the midst of the coding chaos and hot debates, we’ve still managed to sprinkle in some cool smaller features for you in this month’s changelog. Add a parameter to specify the approver in an approval Approvals for deployments are a common and important part of the software delivery process. But who approved it?| Blog | Kosli on Kosli - Make Friends with Change
Let’s talk about what ISO 27001 compliance means for the tech team. If you’re a CTO, DevOps team lead, or cyber security specialist, you’ll have a lot of plates spinning at any given point in time. You need to ensure and maintain security protocols and compliance without hindering the development team’s ability to test and deploy new code (often at scale). It’s a constant battle to align development speed with governance tasks like audit, compliance, and security.| Blog | Kosli on Kosli - Make Friends with Change
Today, federal agencies rely extensively on Cloud-based SaaS applications for everything from payment processing and document management, to data security and employee workflow automation. These tools help departments to function very efficiently, but because they are being used for essential government functions, it’s vital that they are safe and secure. For example, personnel at The Pentagon or The Department of Homeland Security can’t just choose any software vendor in the marketplace.| Blog | Kosli on Kosli - Make Friends with Change
If you’re using containers to deploy your software, it is important to be aware of potential vulnerabilities within your container images. These may be introduced through dependencies in your built image, or perhaps through dependencies within the base image(s) used to build your image. Snyk is one of the most popular tools for scanning container images for vulnerabilities - you may well already run a snyk container test when you deploy code through your CI pipeline.| Blog | Kosli on Kosli - Make Friends with Change
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit pull requests if you think the content needs to be updated. We maintain the information thanks to your feedback. This final article in the “Succeeding with Backstage” series focuses on how you can incorporate Backstage as part of a broader developer productivity engineering (DPE) initiative.| Blog | Kosli on Kosli - Make Friends with Change
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit pull requests if you think the content needs to be updated. We maintain the information thanks to your feedback. This third installment of the “Succeeding with Backstage” series explores how you can improve the adoption of Backstage within your organization.| Blog | Kosli on Kosli - Make Friends with Change
Until fairly recently, software releases happened once or twice a year, maybe once a quarter. This gave IT teams plenty of time to verify and manually sign off on every change before they were released in big batches during a bank holiday weekend or off-peak hours. Typically, they’d produce paperwork to show that all changes had been properly tested, and then those changes would be approved for release in a change advisory board meeting (CAB).| Blog | Kosli on Kosli - Make Friends with Change
This second installment of the “Succeeding with Backstage” explains how to create a custom Backstage plugin. For many use cases, customizing the platform’s look using the methods from the last part and integrating existing plugins will be enough to align Backstage with your organization’s needs. But what happens when the plugin directory doesn’t have a plugin that solves your particular problem? You create a custom plugin, of course. This article demonstrates how you can create cust...| Blog | Kosli on Kosli - Make Friends with Change
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit pull requests if you think the content needs to be updated. We maintain the information thanks to your feedback. This is the first article in the “Succeeding with Backstage” series. This series is for those with a working Backstage implementation who want to ensure smooth adoption and ongoi...| Blog | Kosli on Kosli - Make Friends with Change
It’s spooky season and, at least here in my house, we are overflowing with costumes, pumpkins, and sweets. Happily, there’s no tricks from the Kosli team, only treats! Further API Key improvements Last month, we shared our new rotatable API keys. This month, we’ve taken steps to improve them even more. The key change here is that we never store your API keys in our database – we store a secure, one-way, hash of the API key.| Blog | Kosli on Kosli - Make Friends with Change
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit pull requests if you think the content needs to be updated. We maintain the information thanks to your feedback. This third part of the “Implementing Backstage” series explains how to integrate Backstage with existing tools and plugins.| Blog | Kosli on Kosli - Make Friends with Change
The fast-paced nature of modern software development means developers are capable of deploying changes to production multiple times a day. But, while DevOps allows development teams to deliver new features faster, increased deployment frequency can make it more difficult to stay on top of security threats. It only takes one malicious or incompetent change to dramatically increase the risk exposure of an application. DevOps environments are constantly changing, so it’s a challenge to achiev...| Blog | Kosli on Kosli - Make Friends with Change
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit pull requests if you think the content needs to be updated. We maintain the information thanks to your feedback. This final part of the “Implementing Backstage” series focuses on how to deploy Backstage on Kubernetes. This tutorial is a direct continuation of Using the Kubernetes Plugin in ...| Blog | Kosli on Kosli - Make Friends with Change
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit pull requests if you think the content needs to be updated. We maintain the information thanks to your feedback. This second last part of the “Implementing Backstage” series explains how to use the Kubernetes plugin in Backstage using real-world scenarios.| Blog | Kosli on Kosli - Make Friends with Change
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit pull requests if you think This is the fourth part of the “Implementing Backstage” series and explores how to ensure your Backstage application is secure and how Backstage can contribute to more secure practices in general.| Blog | Kosli on Kosli - Make Friends with Change
According to the latest Crowdstrike report, in 2022 cloud-based exploitation increased by 95%, and there was an average eCrime breakout time of 84 minutes. Just as significantly, in 2021, the Biden administration passed an executive order to improve the nation’s cybersecurity standards. There are also upcoming laws like DORA in the European Union. So, increased cyber attacks and legislative pressures mean you need to (a) actively protect against threats and (b) prove that you are doing so.| Blog | Kosli on Kosli - Make Friends with Change
This article is the second installment of the “Implementing Backstage” series and focuses on how to use Backstage’s core features. Backstage has an extensible plugin architecture in active development and large community support and offers simplified tool management, workflow optimization, and time-saving features. However, to reap these benefits, you need to know how to use Backstage’s core features, including its software catalog, templates, documentation, and search. In this articl...| Blog | Kosli on Kosli - Make Friends with Change
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit pull requests if you think the content needs to be updated. We maintain the information thanks to your feedback. Backstage is a platform for building developer portals. Originally developed internally at Spotify, it’s now open source and available through GitHub.| Blog | Kosli on Kosli - Make Friends with Change
How do you “keep the receipts” for your software process? Is it possible to automate change controls and deploy software with Continuous Compliance? Earlier this year, Mike appeared on the CodeStory podcast where he was interviewed by Noah Larbert. He explains how lessons learned as a DevOps consultant in regulated industries led to the realization that change management, risk controls and traceability were all part of a general governance problem that could be solved with automation.| Blog | Kosli on Kosli - Make Friends with Change
September kicked off with some very pleasant, and warm, late summer / early autumn sunshine, at least here in Northern Europe. But Autumn has now officially landed and it brings with it a few useful little Kosli extras that the team have been busy putting together for you. Manage your API Keys Kosli’s API is how your runtime environments and CI/CD pipelines report your environment snapshots, artifacts, and evidence to Kosli.| Blog | Kosli on Kosli - Make Friends with Change
Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit pull requests if you think the content needs to be updated. We maintain the information thanks to your feedback. This article is the first part of the “Evaluating Backstage” series. It covers all the basics around developer portals, introduces Backstage development, and explores how it can ...| Blog | Kosli on Kosli - Make Friends with Change
At its core, Backstage excels at bringing together an array of diverse tools, services, and essential information, all under one roof.| Blog | Kosli on Kosli - Make Friends with Change
Developer portals are no longer a novelty but a necessity for organizations that offer software services. The portals centralize and streamline the developer experience with essentia...| Blog | Kosli on Kosli - Make Friends with Change
If you’re delivering software in a regulated environment, or deploying to a critical application or device, ensuring the security of your software code and dependencies is essential. One of the most popular tools for achieving this is Snyk, which gives developers the ability to find and fix vulnerabilities as part of their development workflow. Shifting left on security with Snyk is obviously great, but if you have to go through a security audit you also have to be able to prove that every...| Blog | Kosli on Kosli - Make Friends with Change
Summer vacations are over. Which is fine, because it means it’s time for Autumn vacations 😀 And Autumn is the best time of the year to visit mountains - mosquitoes are gone and the colors get unbelievable! But worry not, even if some of us are away there is always someone in the tech team left, cooking delicious features and improvements for you. Let’s have a look at the ones that we’ve just delivered!| Blog | Kosli on Kosli - Make Friends with Change
In this short blog, you will learn how to set up Kosli Notifications so your whole team can stay on top of environment changes and compliance events in real time. 🚀 In fast-paced technology landscapes, understanding how systems are changing is crucial. Developers, DevOps/Platform/SRE teams, security personnel, and management all need this information to manage operational risk, resolve incidents, and just for basic communication with each other. The trouble is, navigating change across te...| Blog | Kosli on Kosli - Make Friends with Change
Have you ever needed to provide proof that a critical business process actually took place? It’s a painful process involving all kinds of paperwork, but it’s the reality for many organizations working in highly regulated industries. For these companies, records need to be kept for actions like the provisioning of user accounts and access to sensitive records. It’s necessary, but it’s manual and time-consuming work. In response to requests from our customers to develop automation for ...| Blog | Kosli on Kosli - Make Friends with Change
Hello! Welcome to July’s edition of the Kosli Changelog. Ewelina is currently enjoying her summer vacation, so I’m here to share a couple of changes from the last few weeks, before I take my summer break. Jira Issue Commit Evidence: We know many teams that use Jira to track and manage their work, and have policies that require all code changes to reference the related Jira issue. This practice provides traceability from changes to requirements.| Blog | Kosli on Kosli - Make Friends with Change
Preparing for a software audit can be a time-consuming and painful process where a lot of information needs to be gathered and verified in a provable audit trail. It means tracking down and piecing together evidence for pull requests, test reports, security scans, deployment logs, and more. This information is usually scattered across tools which are typically unsecured and unmanaged, so it can be easily deleted and/or modified. It’s hard to know if all the data has been retained, or if y...| Blog | Kosli on Kosli - Make Friends with Change
In this post you’ll learn how Kosli’s Change Forensics gives DevOps, Platform, and Site Reliability Engineers the ability to rapidly pinpoint and understand changes and events in their infrastructure and applications, and get to the cause(s) of an incident quickly. You’ve got a production incident! You’re an engineer, quietly going about your day, editing YAML in between meetings to plan the next series for infrastructure migrations. Out of nowhere, your phone starts buzzing with noti...| Blog | Kosli on Kosli - Make Friends with Change
Hello, and welcome to the June edition of the Changelog. It’s that time of the year when the days are long, the great outdoors are calling, and it’s not so easy to stay focused at work. But somehow we manage! And we have cooked up some delicious improvements for you. Let’s dig in! Lambda environment report: It has been possible to report lambda type environments for a while - we started with a simple snapshot of a single lambda deployed as a zip archive.| Blog | Kosli on Kosli - Make Friends with Change
In an ideal world CI pipelines would never fail and deployments would be easy to navigate. The reality is that the journey from commit to production can fail in subtle ways that can be hard to understand. And this problem is multiplied by the number of pipelines in your system. Simple questions like “which of our 32 pipelines last deployed?”, “which pipelines don’t have Snyk scanning?” and “what should be running in production?| Blog | Kosli on Kosli - Make Friends with Change
In an increasingly interconnected and data-driven world, where information shapes decisions and fuels innovation, the integrity of data has become paramount. However, lurking beneath the surface is a silent threat that can undermine trust, compromise systems, and wreak havoc on organizations: data tampering. In this post, we delve into the realm of data tampering, exploring the vulnerabilities, the reasons behind data tampering practices, and countermeasures against them. Does your team strug...| Blog | Kosli on Kosli - Make Friends with Change
In this post we’ll explore Terraform Import, a powerful command-line tool that allows you to bring existing infrastructure under Terraform management. We’ll cover what Terraform Import is, its common use cases, and how to use it effectively. Additionally, we’ll discuss some limitations you should be aware of when using Terraform Import. Whether new to Terraform or an experienced user, this guide will help you understand and leverage Terraform Import to manage your infrastructure better.| Blog | Kosli on Kosli - Make Friends with Change
In this in-depth guide we’ll explore CRLF injection, a web application security vulnerability that can have severe consequences. First, we’ll cover what CRLF injection is, the types of CRLF injection attacks, and their potential impacts. Additionally, we’ll discuss similarities with other attacks, payloads used in these exploits, and how to prevent CRLF injection. Finally, we’ll touch on the role of OWASP in addressing this security risk. By understanding and implementing the recomm...| Blog | Kosli on Kosli - Make Friends with Change
Hello, and welcome to the May edition of the changelog. I’ve been pretty busy this last month preparing my presentation for the NDC Oslo conference. So, I drifted away from the team for a bit, only to come back and learn about a really interesting feature they’ve been cooking! Let’s take a closer look. Deployment diff for artifacts: Kosli now figures out whenever a new version of an artifact replaces an older one in your environments, and if you click on the “Deployment diff” button ...| Blog | Kosli on Kosli - Make Friends with Change
This week I’ve been reading through the recent judgment from the Swedish FSA on the Swedbank outage. If you’re unfamiliar with this story, Swedbank had a major outage in April 2022 that was caused by an unapproved change to their IT systems. It temporarily left nearly a million customers with incorrect balances, many of whom were unable to meet payments. After investigation, the regulator found that Swedbank had not followed their change management process and issued a SEK850M (~85M USD)...| Blog | Kosli on Kosli - Make Friends with Change
For today’s software organizations security has never been more top of mind. On one side there is the present and growing threat of being hacked by malicious actors, set out in CrowdStrike’s recent Global Threat Report. And, on the other, there is a wave of cybersecurity regulation from the government to mitigate such cybersecurity vulnerabilities. Software organizations feel the heat from both sides as they work to improve their security posture in ways that will also achieve audit and c...| Blog | Kosli on Kosli - Make Friends with Change
Authentication is the security process that verifies a user’s identity in order to grant access to their online account. It also functions as the gateway to your product. It’s a workflow you can’t compromise on without risking negative impacts on your users and your company. Fortunately, there are lots of authentication services that can do the heavy lifting for you. It’s important to understand what you can do in case of an authentication failure, when to do it, and why.| Blog | Kosli on Kosli - Make Friends with Change
In this post, we’re going to learn about the Ansible copy module. Before we look at the copy module specifically, let us first remind ourselves what Ansible is. You can install this open-source software on just one Linux machine. Then it can perform a lot of tasks on connected Linux machines without requiring Ansible installation on them. You can do tasks like copying files, fetching files, and a lot of other things all on connected machines, with a single command.| Blog | Kosli on Kosli - Make Friends with Change
Command injection is a kind of cyber attack that allows an attacker to execute arbitrary commands on a system. Attackers accomplish this by exploiting vulnerabilities in an application’s input validation process. How Command Injection Works: Command injection attacks occur when an application passes unsafe user input to a system shell. In these instances, attackers can manipulate the input data to include additional commands, granting them unauthorized access to the underlying system.| Blog | Kosli on Kosli - Make Friends with Change
Continuous security monitoring software for DevOps teams is essential to flagging potential vulnerabilities at the code level. See how it works here.| Kosli