ARTICLES ABOUT

Features

We love to write about software just as much as we love to make it. In Features you can explore the exciting world of DevOps, the fascinating people who make it happen, and the stories they have to tell about their experiences.
Maintaining Security with DevOps Compliance

DevOps teams play an increasingly important role in all types of software companies. From legacy organizations to cloud-native startups, the DORA metrics tell us that the performance of the DevOps team correlates very closely with the overall success of the business. But, as DevOps starts to be adopted across highly regulated industries, we no longer live in a world where it’s ok to “move fast and break things.” For banks, healthcare companies, car manufacturers, etc.


How to build DevOps automations with Kosli Actions

Kosli allows regulated organizations to scale their continuous delivery so that they can deploy changes to production at maximum speed without the risk of non-compliance. It does this by recording all …

DevOps Change Management Resources

The DevOps Change Management Content Hub is a set of resources for modern software teams who struggle to align their DevOps automation with their change management requirements. In our experience, …

Continuous Compliance Content Hub

The Continuous Compliance content hub is a set of guides for DevOps teams who need to move fast while remaining in compliance for audit and security purposes. We know that the old change management …

The Three Ways of DevOps Governance

In this blog post, I take a look at modern IT governance by applying the classic “Three Ways” of DevOps principles originally introduced by Gene Kim in his seminal 2012 article. “We assert that the …

How to Detect Unauthorized Changes in Production with Kosli

Let’s not beat around the bush: change management is a prehistoric discipline desperately in need of fresh thinking. Its “best practices” are frankly terrible. Nobody honestly thinks manually filling …

The DevOps Security and Compliance Guide

The fast-paced nature of modern software development means developers are capable of deploying changes to production multiple times a day. But, while DevOps allows development teams to deliver new …

What Is Continuous Security Monitoring Software?

Many DevOps teams work proactively to meet security and compliance standards. They consider security best practices when developing software with open source components, scanning code for …

The Code Story podcast - how to deliver software with Continuous Compliance and Kosli

How do you “keep the receipts” for your software process? Is it possible to automate change controls and deploy software with Continuous Compliance? Earlier this year, Mike appeared on the CodeStory …

How to Track and Enforce Snyk Scans Across Your Production Environments

If you’re delivering software in a regulated environment, or deploying to a critical application or device, ensuring the security of your software code and dependencies is essential. One of the most …

Stay on top of every change with Kosli Notifications

In this short blog, you will learn how to set up Kosli Notifications so your whole team can stay on top of environment changes and compliance events in real time. 🚀 In fast-paced technology …

How to record a business process with Kosli’s Audit Trail

Have you ever needed to provide proof that a critical business process actually took place? It’s a painful process involving all kinds of paperwork, but it’s the reality for many organizations working …

From Monitoring to Action - Get Faster Incident Response with Change Forensics 🕵️‍♀️

In this post you’ll learn how Kosli’s Change Forensics gives DevOps, Platform, and Site Reliability Engineers the ability to rapidly pinpoint and understand changes and events in their infrastructure …

How to record events in your CI pipelines with Kosli Flows

In an ideal world CI pipelines would never fail and deployments would be easy to navigate. The reality is that the journey from commit to production can fail in subtle ways that can be hard to …

This $80m Banking Incident shows that Change Controls don't work

This week I’ve been reading through the recent judgment from the Swedish FSA on the Swedbank outage. If you’re unfamiliar with this story, Swedbank had a major outage in April 2022 that was caused by …

The Dark Side of DevSecOps and the case for Governance Engineering

For today’s software organizations security has never been more top of mind. On one side there is the present and growing threat of being hacked by malicious actors, set out in Crowdstrike’s recent …

How to prove your SDLC is being followed for compliance with medical standards like IEC 62304

If you’re part of a software engineering team in digital health, medtech, medical devices, Software as a Medical Device (SaMD), etc. you have to comply with regulatory standards. And one of the …

Kosli - A Flight Data Recorder for your Runtime Environments

Have you ever had to debug an environment and found it hard to understand exactly what had changed? In the worst case scenarios you have to figure this out during high-pressure situations, like when …

DevSecOps: The Broken or Blurred Lines of Defense

With the modern patterns and practices of DevOps and DevSecOps it’s not clear who the front-line owners are anymore. Today, most organizations’ internal audit processes have lots of toil and low …

Help, we’re doing ISO27001! Why, what, and how?

At Stacc, Espen Thomassen Sæverud (CTO) & Øyvind Fanebust (Partner) have extensive experience in banking and finance with particular expertise in the area of Continuous Compliance. In this talk …

Regulations v DevSecOps: Requiem

In this 15 minute lightning talk, Diptesh “Dips” Mishra, CTO for Shoal (a Standard Chartered Venture) talks about the governance challenges that financial services organizations face when they look to …

Inside Investments Unlimited with John Willis

John Willis, Distinguished Researcher at Kosli, dives into Investments Unlimited - the latest novel from IT Revolution. It’s about an investment bank dealing with DevOps, DevSecOps, and IT Risk. John …

Knight Capital - A story about DevOps Automated Governance

Knight Capital Group, Inc. was a global financial services firm that operated in the world’s premier market-making, electronic execution, and offered side platform. It was one of the leading …

A short history of the software bill of materials (SBOM)

Many people are talking about the software bill of materials, but few know about SBOM origins. I find it essential to understand the genesis of ideas, so let’s talk about the beginning of the SBOM. …

Cybersecurity regulation and the software supply chain

It’s standard practice for software companies to use existing software components as building blocks for their new products. But what happens when those building blocks contain vulnerabilities …

The Misunderstood Troll - A story about collaboration, communication and visibility in a regulated software organizations

In this talk Alex Kantor, Director of Technology at Modulr, will show you how they used Kosli to enable their developers to release directly to production in a financially regulated environment - …

Why I joined Kosli - a story about DevOps and modern governance

Maybe I’m crazy, but I’ve just joined my 12th startup at the age of 63. Kosli is the product I’ve been looking for since I started talking about this idea five years ago, but until recently I …

Does the GitOps emperor have no clothes?

A hot take 🔥🔥 from a kind place. Before I start throwing sparks around I want to make clear that I think there’s lots of benefits to capturing everything as code in git. Static definitions, recipes …

Review: Investments Unlimited - A Novel about DevOps, Security, Audit Compliance, and Thriving in the Digital Age

“You know, it may feel like regulators are out to get us, but they’re really there to help us and help protect our customers.” If you’re into DevOps there’s a pretty good chance at least one book from …

Why developers need a DevOps database

Can you imagine developing software without version control? What if I told you that we were doing exactly the same thing with DevOps? In this article I’ll explain why developers need a database for …

Visma Tech Talk with Kosli's Mike Long - DevOps: The Beginning of Infinity

In this video Mike speaks to Tinius Alexander Lystad from Visma about his latest talk, DevOps: The Beginning of Infinity. Inspired by David Deutsch, Mike explores the concept of infinite knowledge …

It’s 2021! Why does Change Management still suck?

There’s an excellent management paper from 2001 called Nobody Ever Gets Credit for Fixing Problems that Never Happened. In it, the researchers looked into how companies create and sustain process …

The Jan Bosch Interview: The Future for Technology Companies

A few days ago you posted a video from the Software Center about doing continuous testing in regulated, safety critical environments. And it immediately attracted a bunch of objections from people in …

10 outdated beliefs about software

The world of software remains a fascinating place and I keep being amazed at how rapidly it continues to evolve and transform. We certainly have come a long way from the early 1980s when I was a teenager …

The Jan Bosch Interview: Software Innovation in Embedded and Regulated Systems

All of the research into DevOps tells us that it is the most efficient way to deliver software. But, what does DevOps look like in places where you have the extra friction that comes with embedded …

The Jan Bosch Interview: Industry and Academia

A few weeks ago Jan Bosch joined Kosli as an investor and advisor. Shortly after his arrival I interviewed him about a range of software related topics. Our conversation will form the basis for a …

DevOps and the future of Change Management

Here’s your chance to catch up on the talk @meekrosoft gave at BCS EDN where he discussed the change management challenges associated with practising DevOps in regulated industries. In sectors …

Is faster actually safer? How software physics beats human psychology

Sometimes doom-scrolling through Twitter has its rewards. A few weeks ago, in between the Ever Given🚢 memes (how we miss the big boat!) and the usual screams😱 into the void, I came across this tweet …

ZTL Case: Building a Fintech with DevOps DNA

Moving at DevOps speed isn’t straightforward in regulated industries. Change management processes force your development teams to delay valuable release candidates. But, what if you could automate the …
