Security and Compliance Takes Center Stage: Key Insights from Open Source Finance Forum - London 2025
We’ve just wrapped up London’s 2025 Open Source Finance Forum (OSFF) in London and in this blog I’ll try to capture the key highlights from this year’s event while they’re still fresh. Dominant themes were the increasing prominence of legislation and governance frameworks, and what these mean for developers and practitioners. From insightful keynotes on stage to animated conversations over lunch, all around the event there appeared to be widespread agreement that it’s time to get serious about governance, compliance, and security.
LATEST ARTICLES
Generating and Tracking SBOMs with Kosli: Enhancing Software Security and Supply Chain Transparency
Software Bill of Materials (SBOMs) are crucial for maintaining software security and supply chain transparency. They provide a detailed list of all components, libraries, and dependencies within a …
Kosli Changelog March 2025
It is now possible to authenticate to Bitbucket using access tokens. As of CLI v2.11.10, CLI commands that communicate with Bitbucket can use the `- -bitbucket-access-token` flag to authenticate with …
How we implemented a release/promotion workflow with a single approval, using Kosli
Overview A feature we often get asked about at Kosli is whether we can help support a release/promotion workflow: a workflow that deploys a known set of Artifacts from one runtime environment (eg …
Kosli Raises $10 Million Series A led by Deutsche Bank and Heavybit to Transform Software Delivery Governance.
We are delighted to announce that Kosli has raised $10 million in Series A funding. The round was led by Deutsche Bank’s Corporate Venture Capital (CVC) group, with participation from Heavybit, …
Kosli Changelog February 2025
Introduce Custom attestation types We’ve recently introduced Custom Attestation Types, a powerful new feature that gives you greater flexibility and control over your attestations in Kosli. Why we …
Migrating from Generic to Custom Attestations: A zero-trust approach to compliance
The kosli attest generic CLI command can attest anything, but unlike a “typed” attestation (such as kosli attest snyk), it does not calculate a true/false compliance value for you. …
FEATURES
The Future of Auditing is Agentic AI
Audits are painful for developers AND compliance teams We’ve solved audits for evidence collection. With AI we’ll solve it for evidence evaluation What is the point of an SDLC audit? Audits are a slow …
How to Strengthen Your SDLC Audit Trail with Improved Access Control in Kosli
Automating SDLC Governance is one of our key use cases. Kosli gathers all of the evidence your engineering teams need for change management and audit by recording every step in their SDLC, from commit …
Generating and Tracking SBOMs with Kosli: Enhancing Software Security and Supply Chain Transparency
Software Bill of Materials (SBOMs) are crucial for maintaining software security and supply chain transparency. They provide a detailed list of all components, libraries, and dependencies within a …
NEWS
Kosli Raises $10 Million Series A led by Deutsche Bank and Heavybit to Transform Software Delivery Governance.
We are delighted to announce that Kosli has raised $10 million in Series A funding. The round was led by Deutsche Bank’s Corporate Venture Capital (CVC) group, with participation from Heavybit, …
Kosli Joins FINOS to Collaborate on DevOps Controls and Change Compliance in Financial Services
We are thrilled to announce that Kosli has joined the Fintech Open Source Foundation (FINOS), a Linux Foundation organization dedicated to fostering collaboration and innovation in financial services …
Introducing Kosli's Logical Environments: Gain total visibility and control over complex systems
In today’s fast-paced development landscape, environments are no longer simple or isolated. You’re managing resources that span across development stages, geographies, and technologies. And as those …
TECHNOLOGY
Introducing Environment Policy- Gain Unified Control Over Compliance Requirements Across Your Runtime Environments
In modern software development, different environments often have different compliance requirements. Your development environment might allow more flexibility, while production demands strict controls …
Flexible, Evidence-Driven Compliance: Meet Kosli’s Custom Attestations
At Kosli, we believe that governance in software delivery shouldn’t be a bottleneck – it should be an extension of how your teams already work. That’s why we’re excited to introduce custom …
Kosli Changelog May 2025
Get trail attestations via the Kosli CLI A new `get attestation` command was added to the CLI in v2.11.15. This gives you an easy way, using the attestation name, to retrieve information about …
