We are thrilled to announce 📢 Kosli is now SOC 2 Type 2 compliant - Read more
New Feature: Kosli Trails is liveCreate comprehensive audit trails for any DevOps activity - Read more

Automate the collection, correlation, and storage of control evidence

Introducing Evidence Vault, unlock efficiency and compliance with total automation in your internal controls testing process. Create an accessible and transparent audit-trail - instantly. No more searching, and digging, save hours of manual work.

artifact and checkmark icons

Centralize the evidence gathering in one tool

Don’t spend time searching scattered information across your tools. Get a single pane view of all your hard-proof, securely store in Evidence Vault.
Automation in the internal controls testing process

Release compliant software without risks or delays

Securely upload evidence files and attestations, generating an immutable, append-only repository of verifiable evidence.
Reduce cost and time by up to 95%

Produce full audits with a simple export to CSV

Eliminate the highly-manual, burdensome, and ambiguous task of gathering evidence for internal controls testing. Focus on your core business, while going through audits.

Software delivery compliance and audit for any standard

AICPA SOC logo ISAE 3402 logo HIPAA logo ISO27001 logo FedRAMP logo PCI DSS logo NICST logo SCF logo IEC logo FDA logo ISO logo

What is Evidence Vault?

The Evidence Vault is an immutable, append-only repository of verifiable evidence. This innovation is the stepping-stone towards achieving total automation in the internal controls testing process.
With Evidence Vault you have the receipts, together with the corroborating evidence and a manifest of SHAs, proving all flow attestations and evidence. This means you’re ready to give a Great Answer to any question an auditor might have when they dig into your changes.

Try for free

Security and Transparency, in the core of Evidence Vault

Immutable and tamper-proof evidence storing

Collect and store all the proof you will need for an audit in Kosli’s secure, immutable and append-only database.

By calculating the fingerprint of the evidence you have in store, and comparing with the fingerprint of the evidence when it was reported, you know right away if it’s the same or if it has been manipulated.

Evidence vault screenshot

Automate the collection of evidence for your software audit

Whether you need to collect proof of your unit tests or vulnerability tests, the evidence is collected automatically through your CI pipeline and is supplied against your artifact or even against the commit that produced your artifact.

Additionally, you can provide external links to canonical sources, and now you always know you have the full proof you need when it comes to audit time.

Cartoon characters celebrating in front of devops loop

Reduce cost and time by up to 95%

Internal controls testing is the most expensive part of any audit process where humans have to manually collect the evidence. This information is usually scattered across tools which makes it increasingly time consuming and costly.

With Kosli, all this information is collected and securely stored in our append-only database and can be easily exported with a click of a button (literally!) - and it is ready for the auditors.

Cartoon character in front of report documents

See how Evidence Vault works for your case

Book a demo

Collect and report evidence of any type

Cryptographic fingerprint icon

Snyk scan

Automatically report Snyk scan evidence on Kosli by using the flag --scan-results

Junit test result

Release Approvals

Report JUnit test evidence for an artifact in a Kosli flow using the flag --results-dir

Risk Control icon


Upload and report any document that you need, from .xml to JSON format

Evidence vault screenshot

Not your typical security and compliance automation platform

With the Evidence Vault, Kosli takes a leap beyond other leading compliance solutions, addressing the pressing needs of software delivery compliance evaluations for standards including SOC2, ISO 27001, GDPR, PCI DSS, and more.

With Evidence Vault, you can provide proof at your code level. In combination with the Audit Trail, you can export the list of all deployments in a auditor-friendly format.

Ready to ship with more confidence?

Get security and compliance you can trust without slowing down or changing your tools.
Request a demo Start for free
Auditor and Kosli user

Got a question about Kosli?

We’re here to help, our customers range from larges fintechs, medtechs and regulated business all looking to streamline their DevOps audit trails

Contact us

Do more with kosli

Audit Trails icon

Audit Trails

Automatically provide the proof that a critical business process actually took place.

Continuous Monitoring icon

Continuous Monitoring

Identify threats, trace changes. and secure your production environments.

Slack Notifications icon

Slack Notifications

Stay on top of environment changes and compliance events in real time.

Related Resources

Secure SDLC Process Template Infinity Loop

Kosli’s free asset helps define your SSLDC, providing a defined, repeatable way of working that manages IT risks

Fork the repo
Supply Chain Levels for Software Artifacts (SLSA) Whitepaper cover

Download Kosli’s Free white paper: Supply Chain Levels for Software Artifacts (SLSA)

View white paper
Oyvind character from stacc with ISO logo

See how Kosli enabled Stacc’s journey to ISO compliance at NDC Conference and that turbo eureka moment!

Watch the video
Character with a magnifying glass next compliance standard logos

How to prove your SDLC is being followed for compliance with medical standards like IEC 62304

Read the blog
Multicolor devops loop

What does it mean to deliver software with Continuous Compliance?

Read the blog
Artie character and company logos

Meet the companies that made friends with change with Kosli and ship with confidence and speed

View customer stories