A Flow records the journey from commit to production for a service or component. A Flow is where attestations for builds, pull requests, tests, security scans, etc are recorded.

Do all Flows cost $99? What do the discounts look like?

Paid Flows start at $99, but discounts start to kick in when you reach 50 Flows and become increasingly cheaper as you scale. Contact us for specifics on your needs.

What is an Environment Change?

An Environment Change is recorded with a snapshot whenever a deployment, termination or scaling event occurs in your runtime environment. This snapshot is sent to Kosli.

Why does Kosli record Environment Changes?

Environment Changes build a record of snapshots of how your runtimes are really changing. This record allows you to quickly identify unauthorized changes, and is the basis for your compliance and audit status.

What happens when I go over my Flows/Environment Change quota?

We’ll get in touch to discuss how to scale your plan to meet your needs.

What happens at the end of the 30 day free trial?

You can decide to proceed to a paid plan or scale back down to the Free tier.

Are all of the essential features available in the free tier?

Yes, all of Kosli’s key features for audit, compliance and security are available in the free tier.

When/Why would I need to upgrade from the Free Tier to the Pro?

You need to upgrade if you exceed 10 Flows, make more than 5,000 Environment Changes each month, or require longer than 90 days of data retention. Larger organizations with audit and compliance requirements usually start with a free trial of the Pro Plan.

Can I record Environment Changes and Flows in the Free Tier?

Yes, you can record up to 10 Flows and 5,000 Environment Changes each month.

Can I connect my Environment Changes to my Flows?

Yes, you can trace the changes made to your environments all the way back to the initial commit.

What does it mean to attest a Flow event?

It means that you choose to report to Kosli that a service or component has had an e.g. test or security scan, or anything else you wish to report from your CI process.

What about the actual results of the test or scan? Can I store those too?

Yes, you can store this evidence in Kosli’s Evidence Vault and link it to your attestation.

Why should I store my attestations and evidence in the Evidence Vault?

Kosli’s Evidence Vault is a secure, append-only data store that holds your data in a *tamper-evident* way. It gives you 3rd party proof that you’re following your process.

How do I access my data in the Evidence Vault?

There’s a link to the Evidence Vault next to the metadata for your artifacts in the Kosli app. Click and download.

Can I record a business process in Kosli?

Yes, for this we have the Audit Trail feature. An example of a business process that you might want to log in an Audit Trail is the provisioning and revoking of user accounts and access. You can store your Audit Trails in the Evidence Vault.

How does Kosli help me to pass a software audit?

For this we have an **Export to CSV** feature. Simply select the evidence you would like to export e.g. all deploys to production, choose a date range, and export your evidence in an auditor-friendly format. In the free tier data retention is limited to 90 days, so to export data older than that you should choose the Pro plan.

How does Kosli help me to prove compliance with my process?

By recording all the changes to your environments, and connecting them to all the events that happen in your Flows, Kosli gives you real time compliance status for all running artifacts. Is a component in production missing e.g. a unit test? Kosli will flag it up with a Notification. As with passing a software audit, proving compliance in the free tier is only possible within the last 90 days. For a longer compliance record you should choose the Pro plan.

How does Kosli help me with security?

By recording every change to your environments Kosli detects unauthorized workloads, off-pipeline changes, and malicious deployments, and can alert you to them with notifications.

What is a notification in Kosli?

Kosli can provide various notifications on events like deployments, compliance issues, and scaling events.

Does Kosli support the runtimes we use in our organization?

Yes, Kosli supports Kubernetes, AWS Lambda, S3 buckets, Azure and more.

What about the CI server we use?

We’re completely agnostic when it comes to your tool choices - Jenkins, Circle CI, Travis, Bitbucket - Kosli integrates with all of them.

What about my industry or standard?

Kosli works for teams in any industry (finance, health, automotive, etc) and also for compliance to any standard like ISO, SOC2, FedRamp, etc.

Does Kosli need access to my systems?

No, you install Kosli CLI to monitor, log, and ship information to Kosli

Do you have an on-prem option?

Yes, we realize some of our customers have a no-cloud policy, so on-prem is available for Enterprise customers.

Can you meet our specific data residency needs?

Yes, Enterprise customers can choose to have their data stored in a specific jurisdiction

Can I have annual billing?

Yes, this is available for Enterprise customers

Can I have Single Sign-On?

Yes, this is available for Pro and Enterprise customers.

Can I lock down Kosli access to my network?

Yes, for Enterprise customers we offer a managed single tenant option which can be restricted to your network environment.

Worried about risky non-compliant changes? Ensure security with continuous monitoring from requirement to production

Most security and observability solutions focus on the software supply chain and securing golden pipelines. But these approaches can't guarantee that all the software running in your production environments is secure and compliant. Kosli gives you continuous monitoring in production and sends actionable alerts as soon as unauthorized changes start running.

Book a Demo Try for free

Real-time forensics for any environment

Stay ahead of cyber threats with real-time recording of production workloads with a full historical record for audit and incident analysis.

Seamless Compliance Monitoring

Don’t wait until audit to find compliance deviations. With Kosli you can continuously enforce compliance with your security standards across every workload.

Improve security with zero trust compliance actions

Avoid silent failures, subjective/patchy compliance. Kosli’s attestations and alerts ensure security actions are fact-based, timely and measurable towards your goals.

Whatever security standard you need to achieve, Kosli can help

What is Continuous Monitoring?

Approving changes to production with manual documentation processes is slow and prone to human error. Manual sign-offs, paperwork, screenshots and change advisory boards can’t keep up with the speed of DevOps teams, the requirments of modern security, or the demand to do more with less in today’s technology organizations.

Kosli’s Continuous Monitoring solution allows Dev, Ops, compliance officers, security teams, SREs, CISOs, even external regulators, to see whats running in production, how it got there, and if it’s in compliance with your defined standards. It allows you to deploy software safely, securely, and continuously. Teams can observe changes to production in real time and get alerts when a change is non-compliant. Never get caught short in a security breach, outage, or audit ever again.

Lean more about Continuous Monitoring

Continuous Monitoring is for teams who need to prove their SDLC is being followed

Ditch the detective work, know what’s running at any time with 100% confidence

Reduce detective work across complex systems in the event of a breach, outage or exploited vulnerabilities. When things go wrong, the last thing you should worry about is reverse engineering the history of your environments.

With Kosli’s environment recording, you have a full history for what’s running, where it came from, and if it is compliant with your standards.

magnifying glass in bin, happy auditor, screen of Kosli with clear path or evidence

Enforce your process across every team and system

With sprawling teams, distributed architectures and tool silos it can be a real pain to ensure every change has followed your process.

With Kosli you can gather attestations for code review, security scans, or deployments approvals automatically. It’s quick to set up, and integrates with your existing tools and process.

So you can be sure that every change is compliant. Every time.

Kosli - brining a centralized view and storage to the sprwal of software change and compliance

Replace paperwork with objective, fact-based security

If you’re using screenshots, spreadsheets, and manual sign offs to approve changes, you’re delaying your software release to get a patchy record of what actually happened.

This is slow, requires a lot of trust, and makes audit a nightmare

With Kosli, attestations and alerts ensure security actions are fact-based, timely and measurable towards your goals.

Automated attestation and evidence gathering no paperwork, happy teams

See how Continuous Monitoring can work for your team

Book a demo

“We always know our compliance status in real time and that gives us a lot of freedom to deliver our changes”

Cato Auestad, Chief Technology Officer @Firi

View Firi’s customer story

“We didn’t spend any extra time gathering evidence manually because all of it had already been recorded in Kosli”

Øyvind Fanebust, Partner @Stacc

View Stacc's customer story

“We now have a central system of record where the auditor can see a complete audit trail of changes across multiple systems”

Alex Kantor, Director of Technology @Modulr

View Modulr's customer story

“We believe that DevOps is the key to our success, and in our industry being able to automate change management is an important part of our technical strategy”

Andreas Røe, Chief Technology Officer @ZTL

View ZTL's customer story

"Kosli doesn’t just help us to respond to incidents, it helps us to reduce their frequency"

Mark Martin, Sr. Director Platform Engineering @SolarWinds

View SolarWind's customer story

Real-time workload detection, automated compliance checks, and actionable alerts

Risk Controls

Take risk controls out of tickets and meetings (CAB) and automate them in your CI pipelines and business process.

Learn more

Change Forensics

Improve MTTR by understanding the source of any change immediately with a complete history of all your changes

Learn more

Deployment Controls

Take a proactive security stance with automated deployment controls to make sure only compliant software is running

Learn more

Release Approvals

Generate release approvals from version control or Slack. Deploy without screenshots, delays and misinformation

Learn more

Alerts

Know what's really running in your production environments with real time status updates, reporting and notifications in app or in Slack.

Learn more

Kosli along side other top monitoring tools, DataDOg, Grafana, Splunk, New RElic, Sumo Logic, Prometheus

Does Kosli fit in with my other monitoring tools?

YES! Kosli doesn’t replace any of the tools in your current software development process. Kosli is designed to integrate with a variety of existing monitoring tools to build a more complete and accurate pictiure of your changes. We’re not a substitute for your tools like Datadog, Prometheus, Grafana, Splunk and so on. We help join the dots hetween them.

Kosli integrates and enhances your security posture by giving you a provable record of every activity between commit and deploy and tieing all your tooling together.

So you can always see if something sneaks into your production environment that shouldnt be there and that your processes are being followed. With one click generate an audit trail without manual evidence gathering to keep auditors off your back.

Ready to ship with more confidence?

Get security and compliance you can trust without slowing down or changing your tools.

Request a demo Start for free

Got a question about Kosli?

We’re here to help, our customers range from larges fintechs, medtechs and regulated business all looking to streamline their DevOps audit trails

Do more with kosli

Audit Trails

Automatically provide the proof that a critical business process actually took place.

View feature

Continuous Monitoring

Identify threats, trace changes. and secure your production environments.

View feature

Slack Notifications

Stay on top of environment changes and compliance events in real time.

View feature

Related Resources

Secure SDLC Process Template Infinity Loop

Kosli’s free asset helps define your SSLDC, providing a defined, repeatable way of working that manages IT risks

Fork the repo

Supply Chain Levels for Software Artifacts (SLSA) Whitepaper cover

Download Kosli’s Free white paper: Supply Chain Levels for Software Artifacts (SLSA)

View white paper

See how Kosli enabled Stacc’s journey to ISO compliance at NDC Conference and that turbo eureka moment!

Watch the video

Character with a magnifying glass next compliance standard logos

How to prove your SDLC is being followed for compliance with medical standards like IEC 62304

Read the blog

What does it mean to deliver software with Continuous Compliance?

Read the blog

Meet the companies that made friends with change with Kosli and ship with confidence and speed

View customer stories

Worried about risky non-compliant changes? Ensure security with continuous monitoring from requirement to production

Real-time forensics for any environment

Seamless Compliance Monitoring

Improve security with zero trust compliance actions

Whatever security standard you need to achieve, Kosli can help

What is Continuous Monitoring?

Continuous Monitoring is for teams who need to prove their SDLC is being followed

Ditch the detective work, know what’s running at any time with 100% confidence

Enforce your process across every team and system

Replace paperwork with objective, fact-based security

See how Continuous Monitoring can work for your team

Real-time workload detection, automated compliance checks, and actionable alerts

Risk Controls

Change Forensics

Deployment Controls

Release Approvals

Alerts

Does Kosli fit in with my other monitoring tools?

Ready to ship with more confidence?

Got a question about Kosli?

Do more with kosli

Audit Trails

Continuous Monitoring

Slack Notifications

Related Resources

Get the latest updates, tutorials and more, delivered right to your inbox.