Operations | Monitoring | ITSM | DevOps | Cloud

We’ve just wrapped up London’s 2025 Open Source Finance Forum (OSFF) in London and in this blog I’ll try to capture the key highlights from this year’s event while they’re still fresh. Dominant themes were the increasing prominence of legislation and governance frameworks, and what these mean for developers and practitioners.

There is a huge amount of hype around AI. Companies are growing faster than ever, IT budgets are being redirected, and product roadmaps everywhere are being redrawn. There is no doubt LLM’s are a transformative technology. At the same time, as with any early technology cycle we are far from understanding the patterns of success. And for sure, mis-steps and bad takes abound.

In modern software development, different environments often have different compliance requirements. Your development environment might allow more flexibility, while production demands strict controls around security scans, testing, and code review. Environment Policy helps you codify these requirements and enforce them consistently.

At Kosli, we believe that governance in software delivery shouldn’t be a bottleneck – it should be an extension of how your teams already work. That’s why we’re excited to introduce custom attestations in Kosli. Here’s the short version: What are custom attestations? They let you record facts about your workflows – with evidence – using controls that actually match your processes. Why does this matter? Because generic attestations can miss the mark.

Automating SDLC Governance is one of our key use cases. Kosli gathers all of the evidence your engineering teams need for change management and audit by recording every step in their SDLC, from commit to production, across all of their CI/CD tools. But robust SDLC governance doesn’t just depend on gathering all the necessary data - it also depends on controlling who can add to that data. And that’s exactly what our new access control feature solves.

Software Bill of Materials (SBOMs) are crucial for maintaining software security and supply chain transparency. They provide a detailed list of all components, libraries, and dependencies within a software application, enabling organizations to identify and address potential vulnerabilities, license compliance issues, and other risks. By generating and tracking SBOMs in Kosli, you can establish a centralized and auditable repository for your software’s supply chain information. This allows you to.

A feature we often get asked about at Kosli is whether we can help support a release/promotion workflow: a workflow that deploys a known set of Artifacts from one runtime environment (eg beta/staging) into another runtime environment (eg production), typically in parallel. The simple answer is we can help, and in this blog we show the release workflow in the Kosli cyber-dojo demo project (an open sourced application for practising TDD from your browser).

We are delighted to announce that Kosli has raised $10 million in Series A funding. The round was led by Deutsche Bank’s Corporate Venture Capital (CVC) group, with participation from Heavybit, Defined Capital, Transpose Platform, and a number of angel investors. Alongside this funding milestone we are launching Kosli Enterprise, a new offering designed to meet the complex governance and compliance needs of large financial institutions.

The kosli attest generic CLI command can attest anything, but unlike a “typed” attestation (such as kosli attest snyk), it does not calculate a true/false compliance value for you. Customers have reported that while a generic “escape hatch” is useful, it nevertheless has some drawbacks: Based on this feedback we’ve implemented a new attest command called kosli attest custom.

We are thrilled to announce that Kosli has joined the Fintech Open Source Foundation (FINOS), a Linux Foundation organization dedicated to fostering collaboration and innovation in financial services technology. Our goal is to engage the community establishing common standards and automation practices for DevOps controls and change management automation.