This repository contains hands-on learning labs to help DevOps engineers, Platform engineers, and software developers get familiar with Kosli - a DevOps platform for software supply chain visibility and compliance.
These labs provide a progressive, practical introduction to Kosli's core features. You'll learn how to track your software delivery process from build through deployment, establish compliance requirements, and maintain complete visibility into your software supply chain.
Each lab builds on the previous one, taking you from initial setup through runtime compliance enforcement.

Prerequisites:
- A GitHub account
- Basic familiarity with Git, CI/CD concepts, and command line
- No prior Kosli experience required

Set up your Kosli account and verify the sample application pipeline.
You'll learn:
- Creating a Kosli account and organization
- Creating a copy of the sample repository
- Understanding the existing CI/CD pipeline

Install the Kosli CLI and start tracking your delivery process.
You'll learn:
- Installing and configuring the Kosli CLI
- Creating Flows to represent your CI/CD pipeline
- Beginning Trails to track individual executions
- Integrating Kosli into your GitHub Actions workflow

Record evidence about your artifacts and build process.
You'll learn:
- Attesting artifacts (binaries and Docker images)
- Attaching JUnit test results
- Generating and attesting Software Bill of Materials (SBOM)
- Understanding the attestation audit trail

Track what's running in production and enforce compliance policies.
You'll learn:
- Creating Kosli Environments
- Snapshotting Docker environments
- Defining compliance policies
- Enforcing policy requirements
- Viewing compliance status

Start with Lab 1: Get Ready and work through the labs sequentially. Each lab includes:
- Clear learning objectives
- Step-by-step instructions
- Verification checklists
- Links to relevant Kosli documentation

If you encounter issues or have questions:
- Check the Kosli Documentation
- Review the verification checklist in each lab
- Contact Kosli Support

See LICENSE file for details.