Hello, and welcome to the March edition of the changelog. Spring is on her way, days are now longer than nights (at least in the northern hemisphere where my Kosli colleagues and I reside) and new Kosli features are popping up like snowdrops. We have the latest release of the CLI and a bunch of other stuff to share with you, so let’s get right into it.
CLI version 2.0.0 released
We’re not only building Kosli, we’re using it in our daily work and that made us realize there is room for improvement in our command syntax. That’s how Kosli cli v2.0.0 came to life. Many of the commands are now shorter and, as you’ll see when you check the documentation, they are nicely grouped together.
If you’d like to start using the new version with new syntax, remember to pay attention not only to commands but also to the flags because we’ve changed the names of some of them. For example, pipeline is now flow (more about that at the end of this post), and owner is now
You can still browse references for older versions of cli at docs.kosli.com.
Until now, recording evidence in Kosli was restricted to checking-a-box to confirm that a procedure had been completed. Drilling down to actual results would require you to look in e.g. your CI logs - but these do not always persist forever.
Kosli Evidence Vault will record actual evidence like test results and security scans. It will enable you to store evidence in a safe place you can link to from Kosli, or you can upload evidence to Kosli directly*.
Evidence you can trust
When reporting evidence (any type), if you want to record the location of your evidence, e.g. an archive with test results stored in a repository of your choice, you can provide the url of the package using
And if, at some point in the future, you’re looking at evidence and want to be sure that it’s the same as the evidence that was reported in the past, you should calculate the fingerprint (using the kosli fingerprint command) and save it in Kosli using the --evidence-fingerprint flag. By calculating the fingerprint of the evidence you have in store, and comparing it with the fingerprint of the evidence when it was reported, you’ll know right away if it’s the same or if it has been manipulated.
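The comparison described above, as an added example that is not Kosli's own code: it re-computes fingerprints of stored evidence files and checks them against the values recorded at report time. It assumes a file's fingerprint is the SHA-256 digest of its content; the manifest format, file names and file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Assumption: a file's fingerprint is the SHA-256 digest of
# its content, the value `kosli fingerprint` reports for a single file.

# Print the SHA-256 hex digest of one file.
fingerprint_file() {
    sha256sum < "$1" | cut -d' ' -f1
}

# verify_evidence MANIFEST DIR
# MANIFEST (hypothetical format) has one "<sha256-hex>  <relative-path>"
# line per evidence file, written when the evidence was reported.
# Prints a status per entry; returns 0 only if every file still matches.
verify_evidence() {
    manifest=$1; dir=$2; rc=0
    while read -r expected rel; do
        [ -n "$expected" ] || continue              # skip blank lines
        if [ ! -f "$dir/$rel" ]; then
            echo "MISSING  $rel"; rc=1
        elif [ "$(fingerprint_file "$dir/$rel")" = "$expected" ]; then
            echo "OK       $rel"
        else
            echo "CHANGED  $rel"; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Constructed demo: record fingerprints, alter one file, verify again.
demo=$(mktemp -d)
printf 'tests=42 failures=0\n' > "$demo/junit-summary.txt"
printf 'critical=0 high=0\n'   > "$demo/scan-summary.txt"
for f in junit-summary.txt scan-summary.txt; do
    echo "$(fingerprint_file "$demo/$f")  $f"
done > "${demo}.manifest"

verify_evidence "${demo}.manifest" "$demo"          # both entries OK
printf 'tests=42 failures=3\n' > "$demo/junit-summary.txt"
verify_evidence "${demo}.manifest" "$demo" ||
    echo "evidence differs from what was reported"
rm -rf "$demo" "${demo}.manifest"
```

A non-zero exit status from verify_evidence lets a CI job or audit script fail as soon as any stored evidence is missing or no longer matches its recorded fingerprint.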
Audit package for artifacts*
Another new flag you may notice is --evidence-paths, which should point to the location of files or folders containing evidence you want to upload to Kosli. That way your evidence will always be easily available when needed, e.g. during an audit.
You can download each uploaded piece of evidence separately by using the download button next to the evidence name on the artifact page, or you can download all of them at once using the “Download Audit Package” button.
* evidence upload and audit package features are available only in Professional and Enterprise plans
GitHub Action v2
A new version - v2 - of our setup-cli-action GitHub action was released, so if you want to use the latest cli syntax in your workflows you can now switch to setup-cli-action@v2 and update the commands and flags accordingly.
setup-cli-action@v1 still uses previous syntax, so your workflows won’t start failing out of nowhere.
Pipelines is renamed to Flows
Another big change that happened lately, which is also the easiest one to notice, is the change in terminology. We stopped using “Pipelines” to refer to a place where you report your artifacts and evidence. To better reflect what it actually is, and so as not to mix it up with CI Pipelines, from now on we use “Flows”. So, you declare flows and then report artifacts, evidence, deployments and approvals to Flows.
The change is now visible both in the CLI and app.kosli.com.