May 29, 2023 | By Mike Long
For today’s software organizations, security has never been more top of mind. On one side there is the present and growing threat of being hacked by malicious actors, set out in CrowdStrike’s recent Global Threat Report. On the other, there is a wave of government cybersecurity regulation intended to mitigate exactly those threats.
May 29, 2023 | By Mike Long
This week I’ve been reading through the recent judgment from the Swedish FSA on the Swedbank outage. If you’re unfamiliar with this story, Swedbank had a major outage in April 2022 that was caused by an unapproved change to their IT systems. It temporarily left nearly a million customers with incorrect balances, many of whom were unable to meet payments.
May 20, 2023 | By Nabendu Biswas
In this post, we’re going to learn about the Ansible copy module. Before we look at the copy module specifically, let us first remind ourselves what Ansible is. Ansible is open-source automation software that you install on a single Linux control machine; from there it runs tasks on the connected Linux hosts over SSH, without requiring Ansible to be installed on them. You can copy files, fetch files, and do much more on all connected machines with a single command.
May 20, 2023 | By Siddhant Varma
Authentication is the security process that verifies a user’s identity in order to grant access to their online account. It also functions as the gateway to your product. It’s a workflow you can’t compromise on without risking negative impacts on your users and your company. Fortunately, there are lots of authentication services that can do the heavy lifting for you. It’s important to understand what you can do in case of an authentication failure, when to do it, and why.
May 17, 2023 | By Mike Long
Preparing for a software audit can be a time-consuming and painful process where a lot of information needs to be gathered and verified in a provable audit trail. It means tracking down and piecing together evidence for pull requests, test reports, security scans, deployment logs, and more. This information is usually scattered across tools which are typically unsecured and unmanaged, so it can be easily deleted and/or modified.
May 12, 2023 | By Juan Reyes
Command injection is an attack that lets an attacker execute arbitrary operating-system commands on the host running an application. It happens when an application passes untrusted input to a system shell without adequate validation or escaping, so shell metacharacters in that input are interpreted as additional commands.
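The pattern described above, as an added example that is not part of the original post: a vulnerable function that concatenates a user-supplied host into a shell command string, beside a hardened version that validates the value against an allowlist and passes it as a single argv element with no shell involved. The attacker input, the `ping` wrapper and the hostname regex are constructed for illustration.

```python
import re
import subprocess

# Constructed attacker-controlled value (not from the page): a valid address
# followed by a shell metacharacter and a second command.
MALICIOUS_HOST = "127.0.0.1; cat /etc/passwd"

# Hypothetical allowlist for a hostname or IPv4 literal: letters, digits,
# dots and hyphens only, nothing a shell could interpret.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})$")


def vulnerable_command(host: str) -> str:
    """Vulnerable pattern: untrusted input concatenated into a shell command string."""
    # When this string is handed to subprocess.run(..., shell=True) the shell
    # parses it, so ';' ends the ping command and 'cat /etc/passwd' runs next.
    return f"ping -c 1 {host}"


def run_vulnerable(host: str) -> subprocess.CompletedProcess:
    # shell=True is what turns the string above into an injection sink.
    return subprocess.run(vulnerable_command(host), shell=True,
                          capture_output=True, text=True)


def validate_host(host: str) -> str:
    """Input validation: reject anything outside the allowlist before it reaches a command."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return host


def safe_argv(host: str) -> list[str]:
    """Hardened pattern: validated input as one argv element, no shell involved."""
    return ["ping", "-c", "1", validate_host(host)]


def run_safe(host: str) -> subprocess.CompletedProcess:
    # shell=False (the default): argv goes straight to execve, so even a value
    # containing ';', '|', '&&' or '$(...)' would reach ping as one literal argument.
    return subprocess.run(safe_argv(host), capture_output=True, text=True)


if __name__ == "__main__":
    print("vulnerable command string:", vulnerable_command(MALICIOUS_HOST))
    print("hardened argv:", safe_argv("example.com"))
    try:
        safe_argv(MALICIOUS_HOST)
    except ValueError as exc:
        print("validation blocked:", exc)
```

The two defences are independent: dropping the shell stops metacharacters from being interpreted even if validation is bypassed, and the allowlist keeps a hostile value from reaching `ping` at all. Escaping with `shlex.quote` is a weaker third option, because it still relies on a shell parsing the result correctly.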
May 2, 2023 | By Juan Reyes
Securing sensitive data is crucial for any application, but managing this data can be complex and error-prone. Docker secrets provide a reliable and secure way to handle sensitive information like passwords, API keys, and certificates in your Docker environment. In this introductory guide, we’ll explore what Docker secrets are, how to use them with practical examples, and share some best practices to help you safeguard your sensitive data effectively.
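One practical point behind the post above, as an added example that is not the post’s own code: whether created with `docker secret create <name> -` for a Swarm service or declared under `secrets:` in a Compose file, a Docker secret reaches the container as a file at `/run/secrets/<name>`, so application code should read it from that file rather than from a plaintext environment variable. The reader below does that, rejects names that could traverse out of the secrets directory, and fails loudly when a secret is missing. The `simulate_mount` helper and the `db_password` value are constructed for running the example outside Docker.

```python
import tempfile
from pathlib import Path

# Inside a container, Docker mounts each secret as a file at /run/secrets/<name>
# on a tmpfs that only the container's processes can read.
DEFAULT_SECRETS_DIR = Path("/run/secrets")


def read_secret(name: str, secrets_dir: Path = DEFAULT_SECRETS_DIR) -> str:
    """Return the value of a mounted Docker secret, or raise if it is absent."""
    # A secret name is a single path component; refuse anything that could
    # escape the secrets directory (e.g. "../../etc/passwd").
    if not name or name in (".", "..") or "/" in name or "\\" in name:
        raise ValueError(f"invalid secret name: {name!r}")
    path = secrets_dir / name
    if not path.is_file():
        # Fail closed: a missing secret must not silently become an empty password.
        raise RuntimeError(f"secret {name!r} is not mounted at {path}")
    # Docker stores the secret bytes verbatim; strip only the trailing newline
    # that tools like 'echo' add when piping a value into 'docker secret create'.
    return path.read_text(encoding="utf-8").rstrip("\n")


def simulate_mount(values: dict[str, str]) -> Path:
    """Constructed helper (not Docker): lay out a temp dir like /run/secrets."""
    secrets_dir = Path(tempfile.mkdtemp(prefix="secrets-"))
    for name, value in values.items():
        secret_file = secrets_dir / name
        secret_file.write_text(value + "\n", encoding="utf-8")
        secret_file.chmod(0o400)  # read-only for the owner, like a real mount
    return secrets_dir


if __name__ == "__main__":
    # Constructed sample secret for the demo; in a container this directory
    # would be /run/secrets and the file would be created by Docker.
    mount = simulate_mount({"db_password": "s3cr3t-example"})
    print("db_password:", read_secret("db_password", mount))
    try:
        read_secret("../db_password", mount)
    except ValueError as exc:
        print("rejected:", exc)
```

Reading from `/run/secrets` keeps the value out of `docker inspect` output, process listings and crash dumps of the environment, which is where values passed through `-e` or `environment:` end up.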
May 2, 2023 | By Vincent Chosen
Access control is a security mechanism that regulates who has access to sensitive data, resources, and systems. It ensures that only authorized users can access sensitive data and activities while keeping unauthorized users out. Access control is critical for protecting sensitive data such as personally identifiable information (PII), financial information, and intellectual property.
Apr 28, 2023 | By Ewelina Wilkosz
Hello, and welcome to the April edition of the changelog. The weather is finally starting to stabilize and resembles one season rather than all of them at once. Parks are full of colors and goslings, and at Kosli we’re as busy as ever, so let’s get right into it.
Apr 28, 2023 | By Bruce Johnston
If you’re part of a software engineering team in digital health, medtech, medical devices, Software as a Medical Device (SaMD), etc. you have to comply with regulatory standards. And one of the biggest challenges engineering leads have in this sector is figuring out what they have to do to achieve software delivery compliance.
Apr 21, 2023 | By Kosli
Hey, Bill Bensing here, Field CTO @kosli7786. Here's my latest video on our new feature Evidence Vault and how it helps solve audit and compliance for engineering-driven organizations like yours. In this video I'll show you how Kosli makes the toil of a software audit a breeze.
Dec 19, 2022 | By Kosli
Help, we’re doing ISO! Why, what, and how? Continuous Compliance. Espen Thomassen Sæverud (CTO, Stacc) and Øyvind Fanebust (Partner, Stacc). Espen and Øyvind have extensive experience in banking and finance, with particular expertise in the area of Continuous Compliance. In this talk they will take you on a journey towards ISO certification, discussing challenges and best approaches.
A new spin on a classic format, a story about how collaboration, communication, and visibility helped a misunderstood Troll to empower a nation. Alex Kantor, Director of Technology at Modulr, will show you how they used Kosli to enable their developers to release directly to production in a financially regulated environment. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
Diptesh “Dips” Mishra, CTO for Shoal (a Standard Chartered Venture), will talk about the governance challenges that financial services organisations face when they look to adopt DevSecOps. Dips has worked for Nationwide, Lloyds Banking Group, and RBS, and he’ll share key strategies behind successful implementations. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
In this talk Mike will discuss the state of regulated DevOps, share the Kosli startup journey, what we’ve learned along the way, and briefly demo how Kosli helps regulated DevOps teams to deliver software with continuous compliance. Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
With the modern patterns and practices of DevOps and DevSecOps it’s not clear who the front-line owners are anymore. Today, most organizations' internal audit processes have lots of toil and low efficacy. This is something John has referred to in previous presentations as “Security and Compliance Theater.” Filmed at Exploring DevOps, security, audit compliance and thriving in the digital age in Oslo Dec 8th at Rebel.
Inside Investments Unlimited with co-author John Willis - Distinguished Researcher at Kosli & Author
John Willis, Distinguished Researcher & Author, dives into Investments Unlimited, the latest novel from IT Revolution. It’s about an investment bank dealing with DevOps, DevSecOps, and IT Risk. John is co-author of this bestseller and he will share the story behind the book, how and why it was created, and the real-life lessons it holds for all regulated software organizations.
At Exploring DevOps, security, audit compliance and thriving in the digital age we wrapped up the day with a panel discussion featuring all of our speakers plus Lamisi Gurah - Service Owner / Head of IEP Engineering Productivity at DNB. Come prepared with whatever’s on your mind or follow up on what you’ve heard during the talks. Our speakers would love to take your questions.
Dec 12, 2022 | By Kosli
Recorded LIVE in Oslo, watch John Willis, co-author of Beyond the Phoenix project 📕 and Investments Unlimited (out now!) as he discusses Modern Governance that satisfies regulators without slowing you down.
Aug 5, 2022 | By Kosli
Go fast and reduce risk? You bet! Welcome to the future of software development! Join Arti as they take you through the past, present and future of software development and discover how Continuous Compliance can help you achieve your DevOps ambitions.
May 20, 2023 | By Kosli
Supply-chain Levels for Software Artifacts (SLSA) is a security framework for ensuring the integrity of software artifacts throughout the software supply chain. The Open Source Security Foundation (OpenSSF) introduced SLSA in 2021 to protect software from source through deployment by helping organizations counter critical threats. SLSA provides a model for improving supply chain security and integrity, and offers guidance for addressing developer and build systems as exploitable attack vectors.
Deliver secure software changes at scale and deploy to production with speed and compliance.
Kosli records an easily searchable history of all your changes from commit to production, so you can quickly find the change you need. Move beyond GitOps and understand how your pipelines and environments are really changing. Continuous monitoring in your runtimes and pipelines:
- Release software with continuous compliance and zero day audits: Kosli records changes in your environments and pipelines as they happen. Get compliance status in real time and export all the evidence you need for an audit to CSV.
- Track deployments with full cycle security: Kosli connects what’s running in production with what was qualified in your pipelines. Get alerts for undocumented workloads and any deviations from your security policies.
- Pinpoint the exact change you need when you need it: Kosli gives you a searchable database of every change made to your systems. Get the answer you need by asking better questions in the browser or the command line.
- Real-time observability for devs and engineers: Tired of trying to figure out which change broke everything? Need to know where your commit is? Get the ability to see how your environments and pipelines are actually changing and quickly locate the change you need.
Faster changes. Stronger security. Painless audits.