Changelog

​

New features

• kosli_flow resource and data source — manage Kosli flows as Terraform resources. Define name, description, and YAML template inline or via file(). The data source lets you query existing flows and reuse their templates. See the resource and data source reference.

​

New features

• kosli evaluate input — evaluate a local JSON file (or stdin) against a Rego policy with no API dependency. Enables local policy development and fast iteration without a running Kosli server. See the evaluate input reference.
• --params flag for policy evaluation — pass configuration data (thresholds, expected counts, etc.) to Rego policies via --params on kosli evaluate trail, kosli evaluate trails, and kosli evaluate input. Accepts inline JSON or a file reference. Parameters are available as data.params in the policy.
• npm installation — the Kosli CLI is now available as an npm package (@kosli/cli), making it easy to install in JavaScript/Node.js toolchains.

​

Bug fixes

• Fixed Docker API version negotiation — the CLI now automatically negotiates the Docker API version with the host daemon, preventing compatibility errors after SDK upgrades.
• Fixed AWS API rate limiting — snapshot commands for ECS, S3, and Lambda environments now use adaptive retry with up to 10 attempts, preventing failures under heavy API load.
• Fixed git HEAD resolution in linked worktrees.

​

New features

• Deployment list — the repository releases page now includes a deployments tab showing a paginated list of deployments with artifact details, commit links, replaced artifacts, and compliance status.
• Filter deployments by environment — filter the deployment list and metrics by specific environments on the repository releases page.

​

Updates

• Redesigned the repository run page with improved layout, hover states, and rich tooltips showing artifact fingerprints, snapshot references, and commit details.

​

Bug fixes

• Fixed an error when viewing deployment details for artifacts with a missing replaced snapshot index.

​

Updates

• Removed deprecated kosli expect deployment command — deployment expectation is no longer required for compliance. If your pipelines still reference this command, remove or replace it.
• CI-ready Docker image — a new Alpine-based Dockerfile is available for use as a CI runner image (e.g., GitLab CI), providing the Kosli CLI alongside common CI tooling.

​

Bug fixes

• Fixed kosli get attestation-type displaying type_schema as a Go map instead of formatted JSON.
• The --debug flag now shows the HTML response body when a server error occurs, improving troubleshooting.

​

Bug fixes

• Fixed type_schema handling — the provider now correctly reads JSON objects returned by the API, replacing the previous Python repr string workaround.

​

New features

• Deployment frequency statistics — the repository releases page now shows a deployment frequency bar chart with daily counts, a median line, and summary statistics for each environment.

​

Updates

• Removed the deprecated deployments API. This aligns with the CLI removal of kosli expect deployment.

​

New features

• kosli_action resource and data source — manage webhook notification actions as Terraform resources. Create, update, and import actions by name, and read existing actions to reference in your configurations.
• kosli_policy resource and data source — manage Kosli policies as Infrastructure-as-Code. The data source exposes the policy name, description, content, and latest version.
• kosli_policy_attachment resource — manage the relationship between policies and environments, letting you attach and detach policies declaratively.

​

New features

• Repository metadata on attestations — all kosli attest commands and kosli begin trail now accept --repo-id, --repository, --repo-url, and --repo-provider flags to associate attestations and trails with their source repository. These flags are automatically populated from CI environment variables in GitHub Actions, GitLab CI, Bitbucket Pipelines, Azure DevOps, and CircleCI — no manual configuration needed. See the CI defaults reference.
• Helm chart CronJob configuration — the k8s-reporter Helm chart now lets you configure concurrencyPolicy, failedJobsHistoryLimit, and successfulJobsHistoryLimit for the reporter CronJob.

​

Updates

• --repo-url is now validated as a well-formed URL when explicitly provided.
• --repo-provider is validated against the allowed values: github, gitlab, bitbucket, azure-devops.
• For kosli attest pullrequest github and kosli attest pullrequest azure, the --repository flag now also controls which repository is queried for pull requests.

​

Bug fixes

• Fixed an issue where artifact names with leading periods were rejected. Leading periods are now trimmed automatically.

​

New features

• Attestation evidence download — a new API endpoint lets you download evidence files attached to attestations, making it easier to retrieve and audit attestation data programmatically.
• Snapshotter role — a new Snapshotter role is available for users who need to create environment snapshots and manage service accounts without full member permissions. Ideal for environment and operations teams.

​

Bug fixes

• Fixed kosli attest artifact sending empty repository information when no repo data is available.

​

New features

• kosli evaluate trail and kosli evaluate trails — evaluate one or more trails against a Rego policy and get a structured pass/fail decision. Use --attestations to filter which attestations are checked, and --output json for machine-readable results. Exit code reflects the policy decision, making it ideal for CI/CD gates. See the evaluate trail and evaluate trails reference for details.
• Multi-environment K8s reporting — kosli snapshot k8s now accepts a --config-file flag to report multiple Kosli environments in a single command. Define environment-to-namespace mappings in a YAML file instead of running the command once per environment. See the snapshot k8s reference.
• Helm chart v2.0.0 — the k8s-reporter Helm chart now uses a reporterConfig.environments list, enabling multi-environment reporting from a single chart installation. This is a breaking change from v1.x — see the chart README for migration steps.

​

Bug fixes

• Fixed handling of Python boolean (true/false) and null values in custom attestation type schemas.

​

New features

• kosli_logical_environment resource — create and manage logical environments that aggregate multiple physical environments into a single view.
• kosli_logical_environment data source — query details of existing logical environments.
• Drift detection for logical environments — Kosli now detects when the included_environments of a logical environment change outside of Terraform.
• User agent header — the provider now sends a versioned user agent on every API request, improving diagnostics.

​

Bug fixes

• Fixed a missing flow field in pull request attestation resources.
• Fixed terraform plan showing (known after apply) for the type attribute of logical environments instead of "logical".

​

New features

• kosli_environment resource — create and manage physical Kosli environments (K8S, ECS, S3, docker, server, lambda) as Terraform resources.
• kosli_environment data source — query details of existing physical environments.

​

Changes

• schema and jq_rules are now optional fields on kosli_attestation_type, allowing you to create attestation types without a validation schema.