Part 5: Flows #

Kosli allows you to connect the development world (commits, builds, tests, approvals, deployments) with what’s happening in operations. There is a variety of commands that let you report all the necessary information to Kosli and - relying on automatically calculated fingerprints of your artifacts - match it with the environments.

In all the commands below we skip required --api-token and --org flags - these can be easily configured via config file or environment variables so you don't have type them over and over again.

Create a flow #

To report artifacts to Kosli you need to create a Kosli flow first. When you create a flow you also define a template - a list of types of evidence (controls) you need to be reported in order for the artifact to become compliant. Use the --template flag to provide the list of controls.

When reporting evidence for a specific control you use a name in the template to identify which evidence you are reporting.

It is a normal practice to include kosli create flow command in the same CI pipeline you use to build the artifact you want to report to that Kosli flow. None of the previously reported artifacts will be overwritten or lost. And if you change the template, by adding or removing required evidence, it won't affect the compliance status of existing artifacts.

Example #

$ kosli create flow project-a \
	--description "Project A artifacts" \
	--template artifact,unit-test,pull-request,snyk,code-coverage

flow 'project-a' was created
$ kosli pipeline declare \
	--pipeline project-a \
	--description "Project A artifacts" \
	--template artifact,unit-test,pull-request,snyk,code-coverage

pipeline 'project-a' created

See kosli create flow for more details.