Automating SDLC Governance is one of our key use cases. Kosli gathers all of the evidence your engineering teams need for change management and audit by recording every step in their SDLC, from commit to production, across all of their CI/CD tools.
But robust SDLC governance doesn’t just depend on gathering all the necessary data - it also depends on controlling who can add to that data. And that’s exactly what our new access control feature solves.
The Problem: Access without Control
Until now, any user who signed into Kosli via SSO was automatically granted full permissions.
That meant they could create entities and, critically, attestations - which are the foundation of your audit trail in Kosli.
To avoid the risk of unauthorized or accidental attestations, many organizations resorted to limiting Kosli access at the internal developer platform level. That protected the audit trail, but it also reduced visibility and collaboration across teams.
This forced an unwelcome trade-off on some of you: open up access to all users and risk compromising your audit trail, or lock it down and lose the benefits of organization-wide SDLC visibility.
The Solution: A Read-Only User Role
To solve this, we’ve introduced a new read-only role that allows you to share access to Kosli without giving those users the ability to add to or amend your compliance data.
What read-only users can do:
- View all SDLC activity and audit data in Kosli.
- Use personal API keys to access organizational data with read-only permissions.
What they can’t do:
- Create or modify any resources (e.g. Flows, Environments, Attestations, etc.).
- Manage service accounts or API keys.
- View integration details (they can see whether an integration is enabled or disabled, but not its configuration).
With this new role, you can restrict the ability to create attestations to authorized principals - your CI/CD pipelines, designated service accounts, and the users who genuinely need it - so that your SDLC audit trail remains accurate, consistent, and trustworthy.
How It Works
- Admins can assign the read-only role when inviting users to your organization.
- Existing users can have their roles updated at any time via the admin console.
- SSO defaults: New users who sign in via SSO are assigned the read-only role by default. This applies only to new users; existing users keep their current role until an admin changes it.
- Role filtering: Larger teams can now filter users by role to quickly audit and manage access.
Getting Started
Here’s how to begin strengthening your audit trail with improved access control:
- Review your current user list: Identify anyone who doesn’t need to create attestations or modify resources.
- Update user roles: Set those users to read-only from your admin dashboard.
- Set the right roles at the point of invitation: Assign read-only by default, and grant full permissions only to users who need to create or modify resources.
- Use filters to manage access at scale: Role-based filtering makes this process simple for large organizations.
Available Now
This new feature is available to all Kosli customers starting May 14th, 2025. It’s a small change, but it will give you better security, more trustworthy compliance data, and a way of managing SDLC governance that meets the needs of everyone on your team.