How Kosli automates governance by design across the flow of software delivery.| Kosli
We’ve just wrapped up the 2025 Open Source Finance Forum (OSFF) in London, and in this blog I’ll try to capture the key highlights from this year’s event while they’re still fresh. Dominant themes were the increasing prominence of legislation and governance frameworks, and what these mean for developers and practitioners. From insightful keynotes on stage to animated conversations over lunch, all around the event there appeared to be widespread agreement that it’s time to get...| Blog | Kosli on Kosli - Make Friends with Change
Audits are painful for developers AND compliance teams We’ve solved audits for evidence collection. With AI we’ll solve it for evidence evaluation What is the point of an SDLC audit? Audits are a slow and expensive governance loop As Software speeds up, audit evidence explodes A quick sidebar on how Kosli works… Navigating a Sea of Evidence with an Audit Co-pilot Moving from Continuous Collection to Autonomous Evaluation with Agentic What could agentic audit interfaces look like?| Blog | Kosli on Kosli - Make Friends with Change
In modern software development, different environments often have different compliance requirements. Your development environment might allow more flexibility, while production demands strict controls around security scans, testing, and code review. Environment Policy helps you codify these requirements and enforce them consistently. That’s why we’re excited to announce the release of Environment Policy, a new feature that gives you fine-grained control over artifact requirements across y...| Blog | Kosli on Kosli - Make Friends with Change
At Kosli, we believe that governance in software delivery shouldn’t be a bottleneck – it should be an extension of how your teams already work. That’s why we’re excited to introduce custom attestations in Kosli.| Kosli
Get trail attestations via the Kosli CLI A new `get attestation` command was added to the CLI in v2.11.15. This gives you an easy way, using the attestation name, to retrieve information about attestations on either a trail or an artifact. See the docs for more details. K8S reporter helm chart improvements Scan namespaces based on regex patterns A new config parameter reporterConfig.namespacesRegex was added in the K8S reporter helm chart v1.| Blog | Kosli on Kosli - Make Friends with Change
Automating SDLC Governance is one of our key use cases. Kosli gathers all of the evidence your engineering teams need for change management and audit by recording every step in their SDLC, from commit to production, across all of their CI/CD tools. But robust SDLC governance doesn’t just depend on gathering all the necessary data - it also depends on controlling who can add to that data. And that’s exactly what our new access control feature solves.| Blog | Kosli on Kosli - Make Friends with Change
Learn how to generate and track Software Bill of Materials (SBOMs) with Kosli using CycloneDX and Syft. Improve software security, manage license compliance, and gain full visibility into your supply chain. This step-by-step guide shows how to create attestations and register custom schemas for SBOMs in Kosli, enhancing your incident response and software governance capabilities| Kosli
Learn how we implemented a streamlined release workflow with a single approval step using Kosli. Discover how to maintain speed and compliance without adding friction to your software delivery| Kosli
It is now possible to authenticate to Bitbucket using access tokens. As of CLI v2.11.10, CLI commands that communicate with Bitbucket can use the `--bitbucket-access-token` flag to authenticate with Bitbucket instead of the user-tied app passwords. This ensures that your CI pipelines don’t break if users leave. App rebrand Kosli has introduced a new brand alongside an updated version of www.kosli.com. As part of this evolution, our app has been refreshed with a polished new look, featurin...| Blog | Kosli on Kosli - Make Friends with Change
Kosli raises $10M Series A from Deutsche Bank and Heavybit to transform software delivery governance. With the launch of Kosli Enterprise, financial institutions can automate compliance, eliminate governance bottlenecks, and accelerate secure software delivery.| Kosli
Monthly product updates from the Kosli team, featuring product enhancements, new features and functionalities that overall improve the users' experience on the Kosli platform.| Kosli
The kosli attest generic CLI command can attest anything, but unlike a “typed” attestation (such as kosli attest snyk), it does not calculate a true/false compliance value for you. Customers have reported that while a generic “escape hatch” is useful, it nevertheless has some drawbacks: It can take some effort to calculate a true/false value in some cases. It would be nice to split generic attestations into different types. Most importantly, many customers would prefer it if Kosli cal...| Blog | Kosli on Kosli - Make Friends with Change
Introducing kosli attest custom—a powerful new way to define and automate compliance attestations in Kosli. Unlike generic attestations, custom attestations allow you to create reusable types, and enforce compliance rules with schemas and jq expressions. Importantly, they allow Kosli to calculate all true/false compliance values as part of a zero trust model. Learn how to implement custom attestations in your CI workflow with real-world examples from Cyber-Dojo’s differ microservice.| Kosli
We are thrilled to announce that Kosli has joined the Fintech Open Source Foundation (FINOS), a Linux Foundation organization dedicated to fostering collaboration and innovation in financial services technology. Our goal is to engage the community establishing common standards and automation practices for DevOps controls and change management automation. Why did we join FINOS? The financial services industry faces unique challenges in balancing rapid innovation with stringent regulatory requi...| Blog | Kosli on Kosli - Make Friends with Change
All but one of the kosli attest commands calculate the true/false compliance value for you based on their type. For example, kosli attest snyk can read the sarif output file produced by a snyk scan. The one that doesn’t is kosli attest generic which is “type-less”. It can attest anything, but Kosli cannot calculate a true/false compliance value for you. Often the tool you are using can generate the true/false value, which is then easy to capture.| Blog | Kosli on Kosli - Make Friends with Change
Monthly product updates from the Kosli team, featuring product enhancements, new features and functionalities that overall improve the users' experience on the Kosli platform.| Kosli
Kosli – Track and query every change to your code from commit to production. See exactly how your pipelines and environments are changing instantly.| Kosli