We are thrilled to announce 📢 Kosli is now SOC 2 Type 2 compliant - Read more
New Feature: Kosli Trails is liveCreate comprehensive audit trails for any DevOps activity - Read more
ARTICLES ABOUT

Technology

Geek out on all the new trends, tools and practices in DevOps
How to record an audit trail for any DevOps process with Kosli Trails

How to record an audit trail for any DevOps process with Kosli Trails

In this article I’m going to introduce Kosli Trails. This is a new feature that allows you to record an audit trail for any DevOps process. It’s already in production and being used to record Terraform pipelines, CI processes, server access, feature toggles, and more. How it all started - change management for DevOps Like most software startups, in Kosli’s early stage, we focused on solving a narrow problem: we wanted to solve change management for regulated software teams by recording the facts in DevOps pipelines.


How to track Infrastructure as Code changes in Terraform with Kosli

Infrastructure as Code (IaC) has emerged as a cornerstone for efficiently managing and provisioning infrastructure. Among the many tools available, Terraform has gained unparalleled popularity, …

Kosli Changelog - February 2024

It’s already March, the sun is starting to show up again here in Northern Europe, the snow is melting away, and the Kosli team has been hard at work, making good use of that extra leap day in …

Kosli Changelog - January 2024

The Kosli team starts the new year with endless energy and some exciting news for you! This month, we’ve delivered not only bug fixes and performance improvements but also a couple of highly …

A Guide to Continuous Security Monitoring Tools for DevOps

DevOps has accelerated the delivery of software, but it has also made it more difficult to stay on top of compliance issues and security threats. When applications, environments and infrastructure are …

Understanding ISO 27001 Security - and why DevOps teams choose Kosli

Modern software delivery teams find themselves under constant pressure to maintain security and compliance without slowing down the speed of development. This usually means that they have to find a …

The 5 Best Vanta Alternatives for Security Compliance

Over the last two to three years, we’ve seen increasing demands on all kinds of software companies to comply with security and compliance standards. More and more organizations are looking to benefit …

Kosli Changelog - December 2023

Christmas is around the corner and like many we at Kosli are also looking forward to the upcoming holiday break. So we will share the December changelog with you a bit earlier than usual. This month …

Backstage Developer Portal

*Disclaimer: The complete Backstage guide is open sourced on Github and you can suggest changes to the content if you know it needs updates. We continuously review the pull requests and improve the …

Kosli Changelog - November 2023

November has been a busy month for our team as we dive deep into crafting a new big feature. But in the midst of the coding chaos and hot debates, we’ve still managed to sprinkle in some cool …

ISO 27001 Compliance: Everything You Need to Know

Let’s talk about what ISO 27001 compliance means for the tech team. If you’re a CTO, DevOps team lead, or cyber security specialist, you’ll have a lot of plates spinning at any given point in time. …

Demystifying FEDRAMP and NIST for Continuous Compliance

Today, federal agencies rely extensively on Cloud-based SaaS applications for everything from payment processing and document management, to data security and employee workflow automation. These tools …

How to automate Snyk container scanning of your production environments

If you’re using containers to deploy your software, it is important to be aware of potential vulnerabilities within your container images. These may be introduced through dependencies in your built …

Succeeding with Backstage 4: Backstage as Part of a Broader Developer Productivity Engineering (DPE) Initiative

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Succeeding with Backstage 3: Improving Adoption

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

How to Automate Change Management for DevOps

Until fairly recently, software releases happened once or twice a year, maybe once a quarter. This gave IT teams plenty of time to verify and manually sign off on every change before they were …

Succeeding with Backstage 2: Building and Maintaining Custom Plugins

This second installment of the “Succeeding with Backstage” explains how to create a custom Backstage plugin. For many use cases, customizing the platform’s look using the methods from the …

Succeeding with Backstage 1: Customizing the Look and Feel of Backstage

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Kosli Changelog - October 2023

It’s spooky season and, at least here in my house, we are overflowing with costumes, pumpkins, and sweets. Happily, there’s no tricks from the Kosli team, only treats! Further API Key improvements …

Implementing Backstage 3: Integrating with Existing Tools Using Plugins

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Implementing Backstage 6: Deploying Backstage on Kubernetes

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Implementing Backstage Part 5: Kubernetes Plugins

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Implementing Backstage Part 4: Security and Compliance

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Staying Ahead of Threats with Continuous Security Monitoring Tools for DevOps

According to the latest Crowdstrike report, in 2022 cloud-based exploitation increased by 95%, and there was an average eCrime breakout time of 84 minutes. Just as significantly, in 2021, the Biden …

Implementing Backstage: Core Components

This article is the second installment of the “Implementing Backstage” series and focuses on how to use Backstage’s core features. Backstage has an extensible plugin architecture in …

Implementing Backstage 1: Getting started with Backstage CLI

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Kosli Changelog - September 2023

September kicked off with some very pleasant, and warm, late summer / early autumn sunshine, at least here in Northern Europe. But Autumn has now officially landed and it brings with it a few useful …

Evaluating Backstage 1: Why Backstage?

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Implementing Backstage Part 2: Core Components

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Evaluating Backstage 3: Backstage vs. Competitors

Note: This article is part of our Backstage guide series. You can find the complete guide here. Additionally, all articles of the complete Backstage guide are open sourced on GitHub and you can submit …

Kosli Changelog - August 2023

Summer vacations are over. Which is fine, because it means it’s time for Autumn vacations 😀 And Autumn is the best time of the year to visit mountains - mosquitoes are gone and the colors get …

Kosli Changelog - July 2023

Hello! Welcome to July’s edition of the Kosli Changelog. Ewelina is currently enjoying her summer vacation, so I’m here to share a couple of changes from the last few weeks, before I take my summer …

Ace your way through painless audits with Kosli's Evidence Vault

Preparing for a software audit can be a time-consuming and painful process where a lot of information needs to be gathered and verified in a provable audit trail. It means tracking down and piecing …

From Monitoring to Action - Get Faster Incident Response with Change Forensics 🕵️‍♀️

In this post you’ll learn how Kosli’s Change Forensics gives DevOps, Platform, and Site Reliability Engineers the ability to rapidly pinpoint and understand changes and events in their infrastructure …

Kosli Changelog - June 2023

Hello, and welcome to the June edition of the Changelog. It’s that time of the year when the days are long, the great outdoors are calling, and it’s not so easy to stay focused at work. But somehow we …

Data Tampering: A Comprehensive Guide

In an increasingly interconnected and data-driven world, where information shapes decisions and fuels innovation, the integrity of data has become paramount. However, lurking beneath the surface is a …

Terraform Import: What It Is and How to Use It

In this post we’ll explore Terraform Import, a powerful command-line tool that allows you to bring existing infrastructure under Terraform management. We’ll cover what Terraform Import is, …

CRLF Injection, Explained: An In-Depth Guide

In this in-depth guide we’ll explore CRLF injection, a web application security vulnerability that can have severe consequences. First, we’ll cover what CRLF injection is, the types of …

Kosli Changelog - May 2023

Hello, and welcome to the May edition of the changelog. I’ve been pretty busy this last month preparing my presentation for the NDC Oslo conference. So, I drifted away from the team for a bit, only to …

Authentication Failures: Definition, Consequences, and Prevention

Authentication is the security process that verifies a user’s identity in order to grant access to their online account. It also functions as the gateway to your product. It’s a workflow …

How to Use Ansible Copy Module: An In-Depth Guide

In this post, we’re going to learn about the Ansible copy module. Before we look at the copy module specifically, let us first remind ourselves what Ansible is. You can install this open-source …

Command Injection: A Guide to Types, Risks, and Prevention

Command injection is a kind of cyber attack that allows an attacker to execute arbitrary commands on a system. Attackers accomplish this by exploiting vulnerabilities in an application’s input …

What Is Broken-Access Control? Examples and Prevention

Access control is a security mechanism that regulates who has access to sensitive data, resources, and systems. It ensures that only authorized users can access sensitive data and activities while …

Docker Secrets: An Introductory Guide with Examples

Securing sensitive data is crucial for any application, but managing this data can be complex and error-prone. Docker secrets provide a reliable and secure way to handle sensitive information like …

Kosli Changelog - April 2023

Hello, and welcome to the April edition of the changelog. The weather is finally starting to stabilize and resembles one rather than all the seasons. Parks are full of colors and goslings, and at …

Kosli - A Flight Data Recorder for your Runtime Environments

Have you ever had to debug an environment and found it hard to understand exactly what had changed? In the worst case scenarios you have to figure this out during high-pressure situations, like when …

Kosli Changelog - March 2023

Hello, and welcome to the March edition of the changelog. Spring is on her way, days are now longer than nights (at least in the northern hemisphere where me and my Kosli colleagues reside) and new …

How to Provision Your AWS Lambda Function Using Terraform

AWS Lamdba is one of the most popular players in the serverless industry. It enables you to run serverless functions on the cloud, which gives you enhanced scalability and optimized costs. Instead of …

How to achieve compliance with FedRAMP Continuous Monitoring

One of the most common frustrations we hear from CTOs and CISOs is that it’s really hard for them to figure out what they’re supposed to do to achieve software delivery compliance for regulatory …

How to Use the AWS Lambda Function in Python

Amazon Web Services (AWS) Lambda and Python democratize access to code development by reducing the complexity involved when developing and deploying it. The serverless service, AWS Lambda, allows you …

How to create and manage functions in Lambda with AWS CLI

AWS Lambda has been a game changer for the serverless industry ever since its inception in 2014. It allows you to deploy serverless applications in NodeJS, Python, Java, Go, PowerShell, C#, and Ruby. …

How to run your Python Flask server inside a readonly Docker container

In a previous blog we showed you how to strangle old code using Python decorators. This 5 minute blog post shows you how to run a Python Flask server in a readonly Docker container. The steps are …

Kosli Changelog - February 2023

Hello, and welcome to this month’s edition of the change log. We have events filter for environments, commit evidence, GitLab support, and doc updates to share with you, so let’s get straight into it. …

How to strangle old code using Python decorators

The Strangler Pattern is a pattern for safely and carefully retiring old code. The idea is simple - you run the old code and new code live, in production, side-by-side, checking that the new code …

A Deep Dive into fmt Printf in Golang

Go is a simple but versatile programming language developed by Robert Griesemer at Google. It is one of the most sought-after programming languages and continues to grow in popularity. Critical to its …

What is AWS Lambda? An Introduction and Guide with Examples

Serverless computing enables you to build and run applications and services without the need to manage infrastructure. With serverless computing, you can focus on writing and deploying your code …

How to Publish Your Golang Binaries with Goreleaser

Building CLI applications and tools is a fairly easy task in Golang (Go), especially with libraries like Cobra that make getting started a breeze. Once you finish developing your application or tool, …

Docker Inspect Explained: The Essential Guide

These days, it’s hard for a software engineer to go about their work without bumping into a Docker container. But when we bump into one that’s behaving oddly, how do we go about finding …

Understanding Golang Command Line Arguments

Command line interface (CLI) tools are essential in the day-to-day life of developers. They allow you to get your desired result by simply sending a few text inputs, and they consume less resources …

Kosli Changelog - January 2023

With the beginning of the year days are getting longer and the Kosli team is full of energy! So new features and fixes are flying in. There is a lot of work done with backend focus, so the app stays …

A short history of the software bill of materials (SBOM)

Many people are talking about the software bill of materials, but few know about SBOM origins. I find it essential to understand the genesis of ideas, so let’s talk about the beginning of the SBOM. …

How to Use Kubernetes Namespaces: A Guide with Examples

Kubernetes namespaces logically isolate groups of related objects inside a cluster. You can use them to distinguish among objects belonging to different deployments, teams, and organizations. …

Cybersecurity regulation and the software supply chain

It’s standard practice for software companies to use existing software components as building blocks for their new products. But what happens when those building blocks contain vulnerabilities …

How to Configure CLI Tools in Standard Formats with Viper in Golang

Over the past few years, the DevOps and CloudOps sectors have seen a rise in tools that focus on improving certain operations of teams within the industry. There seems to be a tool for almost any …

Get Python test coverage faster without killing your server

Getting system test coverage from a Python web server is not straightforward. If you search the internet all the hits describe killing the server (eg gunicorn) to get the coverage exit handlers to …

How to Securely Create, Edit, and Update Your Kubernetes Secrets

Secrets centrally store confidential data such as passwords, API keys, and certificates inside your Kubernetes cluster. You can inject secrets into your pods as environment variables or files in a …

Understanding Your Kubernetes Deployment Lifecycle—A Guide with Examples

Kubernetes today is the foremost container orchestration platform in the cloud-native ecosystem. It’s an open source system with rich features backed by a large and growing community. Its …

Kosli Changelog - December 2022

End of the year is just around the corner and many of us will leave for a holiday break soon. So this time you hear from us long before the month is over. Nothing to worry about! So much is happening …

Understanding Kubernetes Events: A Guide

Kubernetes events document the changes that occur inside your cluster. Viewing stored events can explain problems and help you resolve failures. An event is generated automatically each time …

Kosli Changelog - November 2022

A lot is happening at Kosli headquarters and satellite offices (or homes! How sweet working for a remote first company can be). In this post we’d like to share some of the latest additions that …

“Did I break prod?” Part 2. Introducing the Kosli Search command

A few months ago, I shared the Eureka moment! I had when I realized how much easier (and less stressful) my earlier career as a developer would have been if I’d had Kosli. Tl;dr - I thought I’d …

The Ultimate Guide to git blame: A How To with Examples

Source control tools give users many powers and one of the big ones is traceability. With traceability tools you can know exactly who made each change and when they made it. In Git, you use the git …

Git Blame in VS Code: The 4 Best Options

Most production projects have a team collaborating on them, so even in a single file there can be multiple contributors. When things go wrong, it’s useful to understand how and why certain changes …

How to define your software process using the Secure SDLC process template

Something I’ve learned over the last 10 years of helping organizations with DevOps is that teams frequently struggle to define a software development process. You’ll find a lot of content on Google …

Docker Tags Demystified: A Guide With Examples

The main principle behind Docker and containerization isn’t too difficult to grasp. You put your software and its dependencies inside a “package” and distribute it. Whoever has this …

Using git diff to Compare Tags: A Guide With Examples

In Git, you can use the git diff command for comparisons. This command is very powerful and flexible, and it covers a lot of ground, but today we’ll be narrowing the scope down to the “git …

Git Grep Like a Pro: The Complete Guide

How do you search for a given string inside many different files? If you’re familiar with the command line, you have the answer on the tip of your tongue: grep. You may know that there is a …

Docker Commit Explained: A Guide With Examples

Docker is a popular set of tools for creating and running applications in containers. Developing an application to run in a container means isolating the application from the underlying …

Docker Build: A Detailed Guide With Examples

One of the many ways Docker makes your life easier is that there are a bunch of development tools you no longer need to install on your machine. Instead, you can rely on images. But if you plan on …

Git and the benefits and challenges of everything-as-code

Git has been a central part of the DevOps story. Our continuous integration systems run builds, produce artifacts, execute tests, and ultimately deploy systems defined as code in our git repositories. …

Tracking changes for your Amazon S3 and Lambda functions with Kosli

The benefits of serverless software architecture include faster and more fine grained changes to your software without worrying about managing hardware resources. This increase in change volume can be …

Continuous Delivery Change Management in ITIL Frameworks

Key takeaways ITIL change management framework doesn’t work for frequent software releases That’s a problem because regulated teams want continuous delivery By automating change management they can …

How to deliver software with Continuous Compliance: A DevOps culture

Imagine your developers are the world’s fastest relay team 🏃 When it comes to build, test, and qualify they get round the running track faster than anyone else. Unfortunately for them the finishing …

Why ITIL Change Management doesn’t work for DevOps teams

Are you trying to do DevOps under regulation? If so, you’ll know the pain of change management. In this article we’ll look at how delivering software with DevOps is incompatible with old school ways …

How are Docker digests calculated and are they mutable?

To ensure binary provenance in your software development process you must, among other things, have confidence that the artifact doesn’t change. If you use a code review and test result as an …

How Kosli automates Change Management for Kubernetes workloads

If you’re delivering software in a regulated space, and you’re using Kubernetes, you’ll know how problematic change management is. On one hand you have a highly dynamic container based system that’s …

5 reasons why your CI system is a terrible Compliance System of Record

“Why can’t we use our CI system for our Compliance System of Record (CSoR)?” This is a question we get asked a lot when we’re talking about compliance with regulated DevOps teams. And it’s a perfectly …

How to design a DevOps Compliance System of Record

If you deliver software in a regulated industry you have to be able to show that you are following a defined process. And that means being able to produce a record of what’s going on in your DevOps …

How regulated teams can avoid the DevOps Lite trap with DevOps Change Management

DevOps is being adopted across regulated industries, but old ITIL approaches to change management still create unnecessary lead times and risks. Fortunately, you don’t have to fall into the DevOps …

How to secure your software supply chain with Artifact Binary Provenance

In Kosli, we use Artifact Binary Provenance as the foundation for our audit trails. Artifact Binary Provenance is a fancy term, but the idea behind it is really quite simple. All it means is that we …

8 reasons why we do ensemble programming

At Kosli we do as much of our work as possible in a group setting, especially (but not limited to) programming. In our experience most tech teams don’t do this and we think they’re missing out on all …

What does it mean to deliver software with Continuous Compliance?

In this short video, Mike Long, our Co-founder and CEO, explains how teams delivering software in regulated industries can achieve CI/CD using CC = Continuous Compliance. If you deliver software in a …

How to automate a secure chain of custody across your pipelines in 5 steps

Imagine you’re a Fintech CTO 🤓 with several teams and tens of microservices. Do you know what’s currently running in prod? How about yesterday? A week ago? Last month? And if you do know what’s in …

How To Release Compliant Software on Demand

In this blog we’ll explain how to automate the change and release compliance in a Secure Software Development Lifecycle. Kosli is a new technology that enables teams in regulated industries, like …

How to Ensure Software Provenance. Just like Google.

Google has always been a leader when it comes to security culture and their approach to managing a secure development lifecycle is no exception. This article introduces Google’s Binary Authorization …

Introducing Continuous Compliance with Kosli

In this article we introduce new technology that allows you to automate the change and release compliance in a Secure Software Development Lifecycle. It’s called Kosli, the DevOps Change Management …

Using Git for a compliance audit trail

Kosli is a DevOps change management platform for storing a record of compliance controls. It helps financial institutions, medical device manufacturers, automotive and other mission-critical …

Ready to ship with more confidence?

Get security and compliance you can trust without slowing down or changing your tools.
Request a demo Start for free
Auditor and Kosli user

Got a question about Kosli?

We’re here to help, our customers range from larges fintechs, medtechs and regulated business all looking to streamline their DevOps audit trails

Contact us