We are thrilled to announce 📢 Kosli is now SOC 2 Type 2 compliant - Read more
New Feature: Kosli Trails is liveCreate comprehensive audit trails for any DevOps activity - Read more

Faster changes. Stronger security. Painless audits.

Kosli records all of the changes in your software to give you the easy buttons for audit, compliance, security, and incident response.
Kosli hero image

Banks, Fintechs, Payments, SaaS, and Medical companies all over the world trust Kosli — and that’s in part thanks to our commitment to our agnostic approach to compliance - Record what you want, your way.

checklist and checkmark icons

Audit & Compliance

Ace your next audit without slowing your software releases with tickets and meetings. Deploy freely with continuous compliance.
security breach icon

Security & Defense

Remove risk and uncertainty. Know exactly what’s running in production and where it was deployed from.
devops loop and user icons

SRE & Platform Engineering

Pinpoint changes without digging in noisy dashboards to find them. Get the answer you need with powerful commands.

Integrates with your tools, your workflows, your industry

Kosli integrates with the tools you already use and doesn’t force you into adopting any new workflows. It gives teams in regulated sectors like finance and healthcare the power to deliver software with security, compliance, and speed.
GitHub logo Bitbucket logo GitLab logo CircleCi logo Bash logo Jenkins logo Azure logo Azure Devops logo AWS logo AWS ECS logo AWS Lambda logo Amazon S3 logo Kubernetes logo Docker logo Server logo
Tracking change across modern reference architecture is complicated

Kosli records the facts to make governance jobs easy

Observability with kosli diagram
Question icon

How does Kosli “record” everything? What kind of permissions does that require?

Answer icon Kosli works like a log system. You don’t have to worry about the data we’re collecting because we only receive what you decide to send us. Our customers record everything they need for audit, security and compliance by sending the cryptographic fingerprints for running artifacts alongside the metadata for builds, tests, pull requests, etc. Kosli doesn’t access or record your sensitive data or secrets. We’re also SOC 2 Type 2 compliant, so you can be sure we take security and availability seriously.

Automated recording and reporting for all of the changes in your software

Fast, compliant deployments without screenshots, spreadsheets or tickets

This image shows the compliance status of a single change running in production. The green lozenges show that all of the evidence for this change (scans, tests etc.) has been recorded in Kosli, so this change is in compliance.

You can download this evidence to CSV file by using the blue button. For a full software audit e.g. evidence for every deployment made in the last 6 months, you just choose a date range and download your audit trail with a couple clicks.

Alerts for non-compliant or unauthorized changes

Kosli takes a snapshot of your runtimes whenever a change is made, and here you can see that in snapshot 920 a non-complaint or unauthorized change has been deployed.

In this example, Kosli has detected that the most recent change to the environment does not have Snyk scan evidence, and it has provided an alert via the Slack integration.

Pinpoint the cause of incidents without digging and delays

Because Kosli stores a snapshot of your environments every time a change happens, it’s easy to quickly pinpoint the changes that cause incidents using simple diff commands.

In this example prod is down but beta is up. By diffing the two environments using Kosli’s CLI you can immediately find the change that’s running in prod, but not in beta.

Elite performing teams deliver changes 973x more frequently. You’ve invested in DevOps - now unlock the benefits with Continuous Compliance.

Find a time to talk to us

Developer feedback with Kosli CLI

Real-time observability for devs and engineers

Tired of trying to figure out which change broke everything? Need to know where your commit is? Get the ability to see how your environments and pipelines are actually changing and quickly locate the change you need. See our developer feedback page to get a taste of what you can do from the command line with Kosli.
Learn more about developer feedback
$ kosli search baa49d2
Search result resolved to commit baa49d252b61a9ba8e765a41161de50c51d0529a
Name:              cyberdojo/creator:baa49d2
Fingerprint:       29d4c97df320966f22c0d23f1ffa8a864572eb078044f5561d11873b1de40e65
Has provenance:    true
Flow:              creator
Git commit:        baa49d252b61a9ba8e765a41161de50c51d0529a
Commit URL:        https://github.com/cyber-dojo/creator/commit/baa49d252b61a9ba8e765a41161de50c51d0529a
Build URL:         https://github.com/cyber-dojo/creator/actions/runs/4871346095
Compliance state:  COMPLIANT
Running in:        [ aws-beta, aws-prod ]
Exited from:       [  ]
History:
    Commit baa49d2                                  Wed, 03 May 2023 13:27:00 CEST
    Artifact created                                Wed, 03 May 2023 13:29:56 CEST
    Received unit-test evidence                     Wed, 03 May 2023 13:31:07 CEST
    Received branch-coverage evidence               Wed, 03 May 2023 13:31:10 CEST
    Received snyk-scan evidence                     Wed, 03 May 2023 13:31:36 CEST
    Expect deployment #222 to aws-prod environment  Wed, 03 May 2023 13:32:44 CEST
    Expect deployment #223 to aws-beta environment  Wed, 03 May 2023 13:32:48 CEST
    Started running in aws-prod#686 environment     Wed, 03 May 2023 13:35:02 CEST
    Started running in aws-beta#590 environment     Wed, 03 May 2023 13:35:17 CEST

Artifact detail app

Connect the dots between dev and ops

  • Rich support for your runtime environments

    Kubernetes cluster, Amazon ECS, Amazon S3, Amazon Lambda, Physical/Virtual server
  • Easy to implement in your CI/CD toolstack

    No need to change your existing CI structure. To use Kosli you just need to run commands in your pipelines and runtime environments.
  • Familiar CLI commands

    Log, diff, ls, assert - Kosli uses easy and intuitive commands that let you explore your pipelines and runtime environments.
Kosli team
  • Rich support for your runtime environments

    Kubernetes cluster, Amazon ECS, Amazon S3, Amazon Lambda, Physical/Virtual server
  • Easy to implement in your CI/CD toolstack

    No need to change your existing CI structure. To use Kosli you just need to run commands in your pipelines and runtime environments.
  • Familiar CLI commands

    Log, diff, ls, assert - Kosli uses easy and intuitive commands that let you explore your pipelines and runtime environments.
  • Learn more about Kosli

How it works

  • Record
  • Connect
  • Search

Start reporting your environments and pipelines. Get started with one line of code in your runtime.
Team inspecting machine
Environment recorder icon

Record your environments

Know *exactly* what’s running in your environments. With one line of code Kosli fingerprints the running components in your environment and makes new commits in the database whenever a change is detected. Replace your config repos and glue scripts without enforcing a deployment approach
Pipeline recorder icon

Connect your pipelines

Now you know what’s running in ops, connect it to your pipeline events. Get a live map of builds, tests, approvals, and deployments and see how it matches up with what’s actually running in your environments. Follow commits all the way to production and trace deployments back to the commit.
Query icon

Search your DevOps history

With dev and ops aligned you can take time-consuming guesswork and frustration out of incident response, security, and even evidence gathering for audit. Use Kosli’s powerful search tools to log, diff and browse every change from commit to prod. Get what you need from the browser, API, or command line.
Secure SDLC Process Template Infinity Loop

Kosli’s free asset helps define your SSLDC, providing a defined, repeatable way of working that manages IT risks

Fork the repo
Supply Chain Levels for Software Artifacts (SLSA) Whitepaper cover

Download Kosli’s Free white paper: Supply Chain Levels for Software Artifacts (SLSA)

View white paper
Oyvind character from stacc with ISO logo

See how Kosli enabled Stacc’s journey to ISO compliance at NDC Conference and that turbo eureka moment!

Watch the video
Character with a magnifying glass next compliance standard logos

How to prove your SDLC is being followed for compliance with medical standards like IEC 62304

Read the blog
Multicolor devops loop

What does it mean to deliver software with Continuous Compliance?

Read the blog
Artie character and company logos

Meet the companies that made friends with change with Kosli and ship with confidence and speed

View customer stories