We are thrilled to announce 📢 Kosli is now SOC 2 Type 2 compliant - Read more
New Feature: Kosli Trails is liveCreate comprehensive audit trails for any DevOps activity - Read more
Kosli changelog

Kosli Changelog - February 2024

Steve Tooke
Author Steve Tooke
Published March 5, 2024 in technology
clock icon 5 min read

It’s already March, the sun is starting to show up again here in Northern Europe, the snow is melting away, and the Kosli team has been hard at work, making good use of that extra leap day in February! This month we are delivering some performance improvements, some updates to existing features, and some exciting new features. 

Introducing Trails

We noticed that some of our customers were creating “fake” artifacts so they could keep records for critical changes outside of pipelines. Trails enable you to create audit trails for any DevOps process. It’s already in production and is being used to track:

  • CI pipeline run [example]
  • Terraform pull request workflows [example]
  • Server access logs
  • Nightly cron jobs [example]
  • Employee offboarding

Learn more: How to record an audit trail for any DevOps process with Kosli Trails

Snapshots without scaling 

We have experienced that for many customers the scaling of server instances has been the major contributor to new snapshots. This has made it hard to see the SW changes. This has now been changed so that new environments will by default not create new snapshots if there are only changes to the scaling.

It is possible to change exclusion/inclusion of scaling per environment. Doing it in the UX will come soon, but for now it can be changed via the CLI like this:

kosli create environment ENV-NAME
  --type ENV-TYPE \
  --exclude-scaling \
  --api-token <API-TOKEN>

Performance improvements on UI

Over the last month we have been working on speeding up the UI. Particularly the environment pages were slow, especially for customers with a lot of data. If you still find some pages slow then let us know and we will investigate it.

UI Improvements

On top of these performance improvements, we’ve implemented some other changes to the UX to make it easier to navigate, and to make your information easier to find.

Up to now, searching an artifact by its fingerprint or its commit could only be done in the Kosli CLI, with the `kosli search` command. We’ve brought this functionality to the browser, allowing users to access all this information in a more straightforward way. On the top right of the window, you’ll find a new search icon, next to the user avatar.

Kosli search bar

Entering a commit sha or a fingerprint will return all artifacts associated with the sha provided, as well as their compliance state, the flows they were reported to, and which environments they are running in.

Kosli search results

Artifact filtering in snapshots

We found that for environments containing many artifacts,  it can sometimes be difficult to find a specific artifact so we created a filter for this purpose in our snapshot pages.

Artifact filtering

The results will display all artifacts matching the filter’s fingerprint, artifact name, flow name or compliance state.

Overall UI polish

We also spent some time polishing Kosli’s UI to make its use more comfortable. These changes include:

  • Reorganizing layouts for readability
  • Exposing the git commit when relevant
  • Formatting of evidence data:
  • And many more things…

Deprecate Expect Deployment

As we’ve worked with new customers getting started with their Kosli journey, we noticed that our kosli expect deployment command was making things more complicated.

Previously, you were required to tell Kosli when you were about to deploy an artifact to an environment. If you didn’t, Kosli would report the artifact as unexpected and cause the environment to be non-compliant.

We’ve taken the decision to relax this requirement on environments and deprecate kosli expect deployment. We understand that there are artifacts that aren’t appropriate to deploy to specific environments, whether that’s due to an approval, a change in a security scan, or other reasons specific to your context. We have some ideas about how to do this and you can expect to hear more soon.

New Snyk Attestation

With Trails we have new “attest” commands for recording facts relating to changes. We’ve taken the opportunity to improve how we handle Snyk results in the new Snyk attestations.

Snyk attestations (formerly evidence reporting) were limited to accept only the results for “snyk container test” JSON output. The old implementation was rigid which made it not possible to report Snyk evidence  if you scan multiple projects together, for example.

As of CLI v2.8.4, you can attest Snyk’s open source, code, container and IaC scans in the SARIF format to Kosli using the new “kosli attest snyk” command. The CLI analyzes your Snyk scan results and sends a summary of the findings to Kosli. By default, it will also upload the results file as an attachment. You disable uploading the results file to Kosli by using “–upload-results=false”.

For more details, check out our new snyk attestation tutorial.

The legacy commands: “kosli report evidence artifact snyk” and “kosli report evidence commit snyk” now support processing the SARIF results as described above. However, they continue to process Snyk’s Json results the way they did before.

Recursive Glob patterns are supported for filtering files and sub-directories when fingerprinting directories.

As of CLI v2.8.2, recursive glob patterns (e.g. “*/**/*.log”) are supported for filtering inclusion and exclusion of files and directories when calculating fingerprints  in the following commands: kosli fingerprint, kosli attest artifact, kosli snapshot server.


Published March 5, 2024, in technology


You might like

Stay in the loop with the Kosli newsletter

Get the latest updates, tutorials, news and more, delivered right to your inbox
Kosli is committed to protecting and respecting your privacy. By submitting this newsletter request, I consent to Kosli sending me marketing communications via email. I may opt out at any time. For information about our privacy practices, please visit Kosli's privacy policy.
Kosli team reading the newsletter

Got a question about Kosli?

We’re here to help, our customers range from larges fintechs, medtechs and regulated business all looking to streamline their DevOps audit trails

Contact us
Developers using Kosli