Snyk vulnerability compliance with kosli evaluate trail
Kosli recently released kosli evaluate trail, a command that evaluates selected attestations in a Kosli trail against a Rego policy file. We used it to build a complete and useful solution for tracking Snyk container vulnerabilities for cyber-dojo (an open-source, browser-based tool for practising TDD that Kosli uses for demos). You'll read about what we built, why we built it, how we tested it, and specifically:
how it's used in build workflows, in promotion workflows, and in workflows that run "live" scans on already deployed artifacts
how it runs with zero trust against a policy defined in Rego and params files
Table of contents
The Problems
Design overview
The snyk scan and the .
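The teaser above says the Snyk check is a Rego policy driven by params files and evaluated with kosli evaluate trail. As an added illustration that is not the article's code, not Rego, and not part of Kosli, the block below shows the kind of decision logic such a policy encodes, written in Python over a constructed Snyk-style scan result. The field names follow the shape of `snyk container test --json` output (`vulnerabilities[].id`, `.severity`, `.packageName`); the vulnerability ids, package versions, the params structure (per-severity limits plus an ignore list with expiry dates) and the fail-closed handling of a malformed scan are all assumptions made for the example.

```python
"""Threshold policy over a Snyk-style container scan result (illustrative, not Kosli's Rego)."""
from __future__ import annotations

import json
from collections import Counter
from datetime import date

SEVERITIES = ("critical", "high", "medium", "low")

# Constructed scan output mimicking `snyk container test --json`. The ids and
# versions are placeholders, not real Snyk vulnerability identifiers.
SNYK_JSON = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "EXAMPLE-VULN-1", "severity": "critical",
         "packageName": "libfoo", "version": "1.0.0", "isUpgradable": True},
        {"id": "EXAMPLE-VULN-2", "severity": "high",
         "packageName": "libbar", "version": "2.3.4", "isUpgradable": True},
        {"id": "EXAMPLE-VULN-3", "severity": "high",
         "packageName": "libbaz", "version": "0.9.1", "isUpgradable": False},
        {"id": "EXAMPLE-VULN-4", "severity": "medium",
         "packageName": "libqux", "version": "5.6.7", "isUpgradable": False},
    ],
})

# Constructed params: the most findings allowed per severity, and accepted risks
# that are only honoured until their expiry date (so exceptions cannot live forever).
PARAMS = {
    "max": {"critical": 0, "high": 1, "medium": 10, "low": 100},
    "ignore": {
        "EXAMPLE-VULN-3": {"expires": "2099-01-01", "reason": "no fix available; code path not reachable"},
    },
}


def evaluate(snyk_json: str, params: dict, today: date) -> dict:
    """Return a verdict dict: compliant flag, per-severity counts, honoured ignores, reasons."""
    scan = json.loads(snyk_json)
    reasons: list[str] = []
    counts: Counter = Counter()
    ignored: list[str] = []

    # Fail closed: a scan without a vulnerabilities list is not evidence of a clean image.
    if not isinstance(scan.get("vulnerabilities"), list):
        return {"compliant": False, "counts": {}, "ignored": [],
                "reasons": ["scan output has no 'vulnerabilities' list"]}

    ignore = params.get("ignore", {})
    for vuln in scan["vulnerabilities"]:
        sev = str(vuln.get("severity", "")).lower()
        if sev not in SEVERITIES:
            # Unknown severity is also a policy failure rather than a silent skip.
            reasons.append(f"unknown severity {sev!r} on {vuln.get('id')}")
            continue
        entry = ignore.get(vuln["id"])
        if entry is not None:
            if date.fromisoformat(entry["expires"]) >= today:
                ignored.append(vuln["id"])
                continue
            reasons.append(f"ignore for {vuln['id']} expired on {entry['expires']}")
        counts[sev] += 1

    for sev in SEVERITIES:
        limit = params["max"].get(sev)
        if limit is not None and counts[sev] > limit:
            reasons.append(f"{counts[sev]} {sev} finding(s) exceed limit {limit}")

    return {"compliant": not reasons, "counts": dict(counts),
            "ignored": ignored, "reasons": reasons}


if __name__ == "__main__":
    verdict = evaluate(SNYK_JSON, PARAMS, date(2030, 1, 1))
    print(json.dumps(verdict, indent=2))
```

Run as-is, the constructed scan is non-compliant because of the single critical finding; the ignored high finding is reported separately so an auditor can see which exceptions were applied. Moving `today` past the ignore's expiry makes that finding count again, which pushes the high count over its limit and adds an "expired" reason, which is the behaviour you want from time-boxed risk acceptances.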
LATEST ARTICLES
Governing AI Generated Code - A Hands-On Experiment with Entire and Kosli
Can you create an audit trail for what your AI agent actually did, and enforce rules about what it was allowed to do? Here’s what I found after spending a session wiring the two tools together. …
A Technical Guide to Controls Engineering
Why Software Delivery Governance Matters The modern world runs on mission-critical software. It moves our money, drives our cars, diagnoses our illnesses, and fundamentally improves our lives. But, …
Environment support in Terraform Provider for Kosli - v0.2.0
We’re excited to announce support of physical environments in the Terraform Provider for Kosli! What’s Included Environment Management: Full lifecycle support for creating, updating, and …
Terraform Provider for Kosli - v0.1.0
We’re excited to announce the very first release of the official Terraform Provider for Kosli. This is only the start of the journey for managing Kosli resources at scale! Why This Matters To …
Kosli and Team Topologies - A Strategic Partnership for SDLC Governance
We’re delighted to announce a strategic partnership between Kosli and TeamTopologies - a collaboration that brings together SDLC Governance automation with the world’s leading framework …
Designing an automated SDLC control
For anyone shipping software in regulated industries, the word “control” gets thrown around all over. Compliance frameworks demand controls, auditors verify controls are used, engineering …
FEATURES
Introducing Code Repositories in Kosli
Kosli gives your organization a complete picture of software delivery - every build, scan, deployment, and compliance event tracked. Until now that picture was most useful to the people managing …
Introducing kosli evaluate: Rego Policy Evaluation for Your Compliance Data
If you’re evaluating compliance controls against your Kosli trail data today, there’s a good chance you’ve written some glue code to make it work. A script that pulls trail data from …
NEWS
Kosli and Adaptavist Partner to Automate Governance for AI driven Software Delivery
Today, Kosli and Adaptavist announce a strategic partnership to help regulated enterprises automate governance for AI driven software delivery - making it automated, continuous, and evidence-driven …
Enhanced Environment Compliance with Environment Policies
We’re excited to announce an important enhancement to Kosli that will improve how environment compliance is managed across your organization. Starting with our next release, all compliance …
TECHNOLOGY
Diff-erent Perspectives: How Specialized LLM Personas Catch More Bugs
We’ve built a multi-LLM PR reviewer that runs on every pull request in a couple of our own repos. Two independent models look at each change in parallel, each wearing a set of “persona …