Kosli raises $3.1 M USD in seed funding backed by Heavybit - Read more
New White Paper: Supply Chain Levels for Software Artifacts (SLSA) - Download now
Kosli Evidence Vault

Ace your way through painless audits with Kosli's Evidence Vault

Published May 17, 2023 in news, technology
Reading time: 3 minutes

Preparing for a software audit can be a time-consuming and painful process where a lot of information needs to be gathered and verified in a provable audit trail. 

It means tracking down and piecing together evidence for pull requests, test reports, security scans, deployment logs, and more. 

This information is usually scattered across tools which are typically unsecured and unmanaged, so it can be easily deleted and/or modified. It’s hard to know if all the data has been retained, or if you can really trust it. 

It’s also impossible to second guess what the auditor will ask for. Even if you’ve done everything according to your process, actually proving it can involve days or weeks of painful digging in your tools and logs. 

Software audits are still a frustrating and manual process in a world where nearly everything else is automated. We’ve decided to change that with Evidence Vault.

Introducing Evidence Vault

With Kosli, it has always been possible to record attestations in your pipelines about all the processes and controls across all your tools and environments.  

With Evidence Vault we are extending our attestation engine to enable you to upload corroborating evidence as files and store them in our immutable and tamper-evident store. 

This means that all of the proof you will ever need for an audit is stored safely, securely, cannot be tampered with without you knowing, and is never more than a couple of clicks away. 

Kosli evidence vault diagram

So, to recap, before you were able to attest in your pipeline that e.g. a unit test had been performed. Now, you will be able to upload and add a link to the actual unit test result files.  

This frees you from having to find a secure place to store these files, and it makes it super easy to find them later.

Kosli artifact evidence app view

Any evidence that is supplied against your artifact (or even against the commit that produced your artifact) will be connected as attachments to the attestations.  

You can still provide external links to canonical sources, but now you always know you have the full proof you need when it comes to audit time.

Even better, we record the cryptographic fingerprint of the evidence into our ledger, so your audit, security and compliance stakeholders can be sure that any evidence you provide has not been tampered with.  

Give Great Answers to Audit Questions

With Evidence Vault you have the receipts, together with the corroborating evidence and a manifest of SHAs, proving all flow attestations and evidence. 

This means you’re ready to give a Great Answer to any question an auditor might have when they dig into your changes.  

Evidence Vault is already available for all users on paid plans. Give it a try and share your feedback in Kosli Community.


ABOUT THIS ARTICLE

Published May 17, 2023, in news, technology

AUTHOR
Live in Git Blame? Don’t spend hours searching for the change that broke your application! Query, search and discover all the changes in one place

Ready to get started?

No credit card required. Get set up in minutes and discover what’s really running in your environments
Signup for free with Github
Ewelina using Kosli

Always free

Find out if Kosli is right for you with our free tier. Try all the features you’ll need to decide.
Kosli team using Slack

Let's chat

We have an open Slack channel where you can get in touch with the Kosli team and other users.

Sign up to our newsletter

We'll let you know about the Kosli launch, product news, features and updates
Kosli is committed to protecting and respecting your privacy. By submitting this newsletter request, I consent to Kosli sending me marketing communications via email. I may opt out at any time. For information about our privacy practices, please visit Kosli's privacy policy.
Kosli team reading the newsletter

Let’s chat!

Got a question about Kosli? An idea for a new feature? Join Kosli Slack and talk to us.

Join
Developers using Kosli