5 min read
It’s already March, the sun is starting to show up again here in Northern Europe, the snow is melting away, and the Kosli team has been hard at work, making good use of that extra leap day in February! This month we are delivering some performance improvements, some updates to existing features, and some exciting new features.Â
Introducing Trails
We noticed that some of our customers were creating “fake” artifacts so they could keep records for critical changes outside of pipelines. Trails enable you to create audit trails for any DevOps process. It’s already in production and is being used to track:
- CI pipeline run [example]
- Terraform pull request workflows [example]
- Server access logs
- Nightly cron jobs [example]
- Employee offboarding
Learn more: How to record an audit trail for any DevOps process with Kosli Trails
Snapshots without scalingÂ
We have experienced that for many customers the scaling of server instances has been the major contributor to new snapshots. This has made it hard to see the SW changes. This has now been changed so that new environments will by default not create new snapshots if there are only changes to the scaling.
It is possible to change exclusion/inclusion of scaling per environment. Doing it in the UX will come soon, but for now it can be changed via the CLI like this:
kosli create environment ENV-NAME
--type ENV-TYPE \
--exclude-scaling \
--org <ORGANIZATION-NAME> \
--api-token <API-TOKEN>
Performance improvements on UI
Over the last month we have been working on speeding up the UI. Particularly the environment pages were slow, especially for customers with a lot of data. If you still find some pages slow then let us know and we will investigate it.
UI Improvements
On top of these performance improvements, we’ve implemented some other changes to the UX to make it easier to navigate, and to make your information easier to find.
Kosli Search
Up to now, searching an artifact by its fingerprint or its commit could only be done in the Kosli CLI, with the `kosli search` command. We’ve brought this functionality to the browser, allowing users to access all this information in a more straightforward way. On the top right of the window, you’ll find a new search icon, next to the user avatar.
Entering a commit sha or a fingerprint will return all artifacts associated with the sha provided, as well as their compliance state, the flows they were reported to, and which environments they are running in.
Artifact filtering in snapshots
We found that for environments containing many artifacts, it can sometimes be difficult to find a specific artifact so we created a filter for this purpose in our snapshot pages.
The results will display all artifacts matching the filter’s fingerprint, artifact name, flow name or compliance state.
Overall UI polish
We also spent some time polishing Kosli’s UI to make its use more comfortable. These changes include:
- Reorganizing layouts for readability
- Exposing the git commit when relevant
- Formatting of evidence data:
- And many more things…
Deprecate Expect Deployment
As we’ve worked with new customers getting started with their Kosli journey, we noticed that our kosli expect deployment command was making things more complicated.
Previously, you were required to tell Kosli when you were about to deploy an artifact to an environment. If you didn’t, Kosli would report the artifact as unexpected and cause the environment to be non-compliant.
We’ve taken the decision to relax this requirement on environments and deprecate kosli expect deployment. We understand that there are artifacts that aren’t appropriate to deploy to specific environments, whether that’s due to an approval, a change in a security scan, or other reasons specific to your context. We have some ideas about how to do this and you can expect to hear more soon.
New Snyk Attestation
With Trails we have new “attest” commands for recording facts relating to changes. We’ve taken the opportunity to improve how we handle Snyk results in the new Snyk attestations.
Snyk attestations (formerly evidence reporting) were limited to accept only the results for “snyk container test” JSON output. The old implementation was rigid which made it not possible to report Snyk evidence if you scan multiple projects together, for example.
As of CLI v2.8.4, you can attest Snyk’s open source, code, container and IaC scans in the SARIF format to Kosli using the new “kosli attest snyk” command. The CLI analyzes your Snyk scan results and sends a summary of the findings to Kosli. By default, it will also upload the results file as an attachment. You disable uploading the results file to Kosli by using “–upload-results=false”.
For more details, check out our new snyk attestation tutorial.
The legacy commands: “kosli report evidence artifact snyk” and “kosli report evidence commit snyk” now support processing the SARIF results as described above. However, they continue to process Snyk’s Json results the way they did before.
Recursive Glob patterns are supported for filtering files and sub-directories when fingerprinting directories.
As of CLI v2.8.2, recursive glob patterns (e.g. “*/**/*.log”) are supported for filtering inclusion and exclusion of files and directories when calculating fingerprints in the following commands: kosli fingerprint, kosli attest artifact, kosli snapshot server.
