We are thrilled to announce 📢 Kosli is now SOC 2 Type 2 compliant.
New feature: Kosli Trails is live. Create comprehensive audit trails for any DevOps activity.

Built for compliance and security

Kosli has been built to seamlessly integrate into your DevOps workflows and start recording and securely storing all your software changes from your CI pipelines, runtime environments and infrastructure. Ensure compliance, security and observability across your teams and projects.

Record environment changes

Automatically run a regular job to query each environment, recording real-time data on how they change.

Your environment data is stored in a secure append-only database using a unique content-based ID for each running artifact (e.g. the Docker image digest).

Record pipeline events

Report every CI pipeline event of interest (builds, security scans, test results, approvals, deployments, etc.) to record real-time data on what happens to your software.

Your pipeline data is stored in a secure append-only database using the git commit or artifact SHA as the unique ID for each event.

Query anything!

Kosli can tell you what’s running in any environment now, what was running in the past, and how it has changed.

Kosli can tell you the complete history of builds, tests, approvals, and deployments across all your pipelines.

All this data is available in your browser and from your command line.

Kosli concepts - Recording your SDLC for audit, compliance and security

Attestation: a record of a fact you care about

Trail: a chain of related attestations

Flow: a collection of trails for a given process

  • CI/CD runs for a Payments API service
  • Terraform workflows for a production account
  • JIRA ticket development work
  • Feature flag changes

Snapshot: a record of the artifacts in a runtime system at a point in time

  • The running artifacts in an AWS ECS namespace
  • The running pods in a k8s cluster
  • The Terraform state files in an S3 bucket
  • The functions in AWS Lambda
  • The files in a directory

Environment: a history of snapshots for a runtime system over time

  • How this k8s cluster changes
  • How this S3 bucket changes
  • How this directory changes
  • How this Lambda changes

Action: trigger external systems based on changes

  • Send a slack message when a deployment is detected
  • Start a CI process when an environment changes
  • Open an incident ticket when an unexpected change occurs

Get continuous compliance with DevOps Change Management

Artifact Provenance

Kosli uses cryptographic fingerprinting to record a tamper-proof identity for every artifact in your controlled build process


Risk Controls as Code

Kosli logs the evidence from each step in your software development life cycle, building an audit trail of risk controls for each artifact

Release Approvals

With Kosli you can generate release approvals via version control, CI, or even Slack events. Compliant deploys without the ceremony


Deployment Controls

Automatically ensure only compliant software is deployed by verifying binary provenance, risk controls, and approvals as part of your deployment process

Deployment Logs

Record every change to every environment in a fully auditable environment log


Environment Reports

Real-time reporting from operations provides full observability over what’s really running in production. A complete history of change that’s instantly available

Bringing Dev and Ops closer together

DevOps Freedom

Kosli frees regulated teams to deliver at the speed of DevOps, with any tools, in any industry, for any standard.

Compliance and Speed

Kosli maintains Continuous Compliance at high rates of change by automating change management in your DevOps.

4D Observability

Kosli can tell you what’s in production, how it got there, and if it’s compliant – for any point in time.

Fed up with paperwork and meetings? Press the easy button for Audit and Compliance

Do more with Kosli

Audit Trails

Automatically provide the proof that a critical business process actually took place.

Continuous Monitoring

Identify threats, trace changes, and secure your production environments.

Slack Notifications

Stay on top of environment changes and compliance events in real time.

Related resources

Kosli’s free asset helps define your SSDLC, providing a defined, repeatable way of working that manages IT risks.

Download Kosli’s Free white paper: Supply Chain Levels for Software Artifacts (SLSA)

See how Kosli enabled Stacc’s journey to ISO compliance at NDC Conference and that turbo eureka moment!

How to prove your SDLC is being followed for compliance with medical standards like IEC 62304

What does it mean to deliver software with Continuous Compliance?

Meet the companies that made friends with change with Kosli and ship with confidence and speed
