Question 1

What is a flow?

Accepted Answer

A Flow records the journey from commit to production for a service or component. A Flow is where attestations for builds, pull requests, tests, security scans, etc are recorded.

Question 2

Do all Flows cost $99? What do the discounts look like?

Accepted Answer

Paid Flows start at $99, but discounts start to kick in when you reach 50 Flows and become increasingly cheaper as you scale. Contact us for specifics on your needs.

Question 3

What is an Environment Change?

Accepted Answer

An Environment Change is recorded with a snapshot whenever a deployment, termination or scaling event occurs in your runtime environment. This snapshot is sent to Kosli.

Question 4

Why does Kosli record Environment Changes?

Accepted Answer

Environment Changes build a record of snapshots of how your runtimes are really changing. This record allows you to quickly identify unauthorized changes, and is the basis for your compliance and audit status.

Question 5

What happens when I go over my Flows/Environment Change quota?

Accepted Answer

We’ll get in touch to discuss how to scale your plan to meet your needs.

Question 6

What happens at the end of the 30 day free trial?

Accepted Answer

You can decide to proceed to a paid plan or scale back down to the Free tier.

Question 7

Are all of the essential features available in the free tier?

Accepted Answer

Yes, all of Kosli’s key features for audit, compliance and security are available in the free tier.

Question 8

When/Why would I need to upgrade from the Free Tier to the Pro?

Accepted Answer

You need to upgrade if you exceed 10 Flows, make more than 5,000 Environment Changes each month, or require longer than 90 days of data retention. Larger organizations with audit and compliance requirements usually start with a free trial of the Pro Plan.

Question 9

Can I record Environment Changes and Flows in the Free Tier?

Accepted Answer

Yes, you can record up to 10 Flows and 5,000 Environment Changes each month.

Question 10

Can I connect my Environment Changes to my Flows?

Accepted Answer

Yes, you can trace the changes made to your environments all the way back to the initial commit.

Question 11

Can I attest events in my Flows like tests and security scans?

Accepted Answer

Yes, you can do this.

Question 12

What does it mean to attest a Flow event?

Accepted Answer

It means that you choose to report to Kosli that a service or component has had an e.g. test or security scan, or anything else you wish to report from your CI process.

Question 13

What about the actual results of the test or scan? Can I store those too?

Accepted Answer

Yes, you can store this evidence in Kosli’s Evidence Vault and link it to your attestation.

Question 14

Why should I store my attestations and evidence in the Evidence Vault?

Accepted Answer

Kosli’s Evidence Vault is a secure, append-only data store that holds your data in a *tamper-evident* way. It gives you 3rd party proof that you’re following your process.

Question 15

How do I access my data in the Evidence Vault?

Accepted Answer

There’s a link to the Evidence Vault next to the metadata for your artifacts in the Kosli app. Click and download.

Question 16

Can I record a business process in Kosli?

Accepted Answer

Yes, for this we have the Audit Trail feature. An example of a business process that you might want to log in an Audit Trail is the provisioning and revoking of user accounts and access. You can store your Audit Trails in the Evidence Vault.

Question 17

How does Kosli help me to pass a software audit?

Accepted Answer

For this we have an **Export to CSV** feature. Simply select the evidence you would like to export e.g. all deploys to production, choose a date range, and export your evidence in an auditor-friendly format. In the free tier data retention is limited to 90 days, so to export data older than that you should choose the Pro plan.

Question 18

How does Kosli help me to prove compliance with my process?

Accepted Answer

By recording all the changes to your environments, and connecting them to all the events that happen in your Flows, Kosli gives you real time compliance status for all running artifacts. Is a component in production missing e.g. a unit test? Kosli will flag it up with a Notification. As with passing a software audit, proving compliance in the free tier is only possible within the last 90 days. For a longer compliance record you should choose the Pro plan.

Question 19

How does Kosli help me with security?

Accepted Answer

By recording every change to your environments Kosli detects unauthorized workloads, off-pipeline changes, and malicious deployments, and can alert you to them with notifications.

Question 20

What is a notification in Kosli?

Accepted Answer

Kosli can provide various notifications on events like deployments, compliance issues, and scaling events.

Question 21

Does Kosli support the runtimes we use in our organization?

Accepted Answer

Yes, Kosli supports Kubernetes, AWS Lambda, S3 buckets, Azure and more.

Question 22

What about the CI server we use?

Accepted Answer

We’re completely agnostic when it comes to your tool choices - Jenkins, Circle CI, Travis, Bitbucket - Kosli integrates with all of them.

Question 23

What about my industry or standard?

Accepted Answer

Kosli works for teams in any industry (finance, health, automotive, etc) and also for compliance to any standard like ISO, SOC2, FedRamp, etc.

Question 24

Does Kosli need access to my systems?

Accepted Answer

No, you install Kosli CLI to monitor, log, and ship information to Kosli

Question 25

Do you have an on-prem option?

Accepted Answer

Yes, we realize some of our customers have a no-cloud policy, so on-prem is available for Enterprise customers.

Question 26

Can you meet our specific data residency needs?

Accepted Answer

Yes, Enterprise customers can choose to have their data stored in a specific jurisdiction

Question 27

Can I have annual billing?

Accepted Answer

Yes, this is available for Enterprise customers

Question 28

Can I have Single Sign-On?

Accepted Answer

Yes, this is available for Pro and Enterprise customers.

Question 29

Can I lock down Kosli access to my network?

Accepted Answer

Yes, for Enterprise customers we offer a managed single tenant option which can be restricted to your network environment.

Ace your next software audit with Continuous Compliance

Full continuous delivery - no manual checks

No need for screenshots, checklists, or meetings

Breeze through audits without digging in logs

Continuous Compliance and audit for any standard

What is Continuous Compliance?

Continuous Compliance is for teams who need to prove their SDLC is being followed

Regulation and audits don’t have to slow you down

Manual change approvals are slow and risky

Free up your developers and keep your tools

See how Continuous Compliance can work for your team

How it works

Cryptographic Fingerprints

Deployment Controls

Release Approvals

Risk Controls

How does Kosli fit into our process?

Do more with kosli

Audit Trails

Continuous Monitoring

Slack Notifications

Related Resources