We are thrilled to announce 📢 Kosli is now SOC 2 Type 2 compliant - Read more
New Feature: Kosli Trails is liveCreate comprehensive audit trails for any DevOps activity - Read more
Kosli Evidence Vault

Ace your way through painless audits with Kosli's Evidence Vault

Mike Long
Author Mike Long
Published July 13, 2023 in news, technology
clock icon 3 min read

Preparing for a software audit can be a time-consuming and painful process where a lot of information needs to be gathered and verified in a provable audit trail

It means tracking down and piecing together evidence for pull requests, test reports, security scans, deployment logs, and more. 

This information is usually scattered across tools which are typically unsecured and unmanaged, so it can be easily deleted and/or modified. It’s hard to know if all the data has been retained, or if you can really trust it. 

It’s also impossible to second guess what the auditor will ask for. Even if you’ve done everything according to your process, actually proving it can involve days or weeks of painful digging in your tools and logs. 

Software audits are still a frustrating and manual process in a world where nearly everything else is automated. We’ve decided to change that with Evidence Vault.

Introducing Evidence Vault

With Kosli, it has always been possible to record attestations in your pipelines about all the processes and controls across all your tools and environments.  

With Evidence Vault we are extending our attestation engine to enable you to upload corroborating evidence as files and store them in our immutable and tamper-evident store. 

This means that all of the proof you will ever need for an audit is stored safely, securely, cannot be tampered with without you knowing, and is never more than a couple of clicks away. 

Kosli evidence vault diagram

So, to recap, before you were able to attest in your pipeline that e.g. a unit test had been performed. Now, you will be able to upload and add a link to the actual unit test result files.  

This frees you from having to find a secure place to store these files, and it makes it super easy to find them later.

Kosli artifact evidence app view

Any evidence that is supplied against your artifact (or even against the commit that produced your artifact) will be connected as attachments to the attestations.  

You can still provide external links to canonical sources, but now you always know you have the full proof you need when it comes to audit time.

Even better, we record the cryptographic fingerprint of the evidence into our ledger, so your audit, security and compliance stakeholders can be sure that any evidence you provide has not been tampered with.  

Give Great Answers to Audit Questions

With Evidence Vault you have the receipts, together with the corroborating evidence and a manifest of SHAs, proving all flow attestations and evidence. 

This means you’re ready to give a Great Answer to any question an auditor might have when they dig into your changes.  

Evidence Vault is already available for all users. Sign up for free to give it a try and share your feedback in the Kosli Community.

Want to be the first to use the Evidence Vault?

Stay in the loop with the Kosli newsletter

Get the latest updates, tutorials, news and more, delivered right to your inbox
Kosli is committed to protecting and respecting your privacy. By submitting this newsletter request, I consent to Kosli sending me marketing communications via email. I may opt out at any time. For information about our privacy practices, please visit Kosli's privacy policy.
Kosli team reading the newsletter

Got a question about Kosli?

We’re here to help, our customers range from larges fintechs, medtechs and regulated business all looking to streamline their DevOps audit trails

Contact us
Developers using Kosli