Skip to main content
We will follow an actual git commit from a CI pipeline all the way into production runtime environments. By the end, you will have queried Kosli to see an artifact’s history — from creation in CI through running in production to eventual shutdown — without any access to the production environment. We will use cyber-dojo, an open-source microservice platform whose Kosli data is public. The commit we follow fixed a misconfiguration: runner should run with three replicas but was accidentally running with one after a migration from GKE to ECS.
cyber-dojo is a web platform where teams practice TDD. It has a dozen microservices, each with its own GitHub Actions CI pipeline producing a Docker image, running in two AWS environments: aws-beta and aws-prod.

Prerequisites

Setup

Set your environment variables to use the public cyber-dojo Kosli organization:

List flows

Find out which cyber-dojo repositories have a CI pipeline reporting to Kosli:
You will see:

Follow the artifact

The commit that fixed the replica count was 16d9990 in the runner repository. Fetch its history from Kosli with kosli search, which accepts a git commit (full or short-form) or an artifact fingerprint:
You will see:
When this commit was made, the runner repository reported to a flow simply named runner. cyber-dojo’s flows have since been reorganized (today the repository reports to runner-ci, as the flow list above shows) and the original flows archived. Archiving a flow currently renames it by appending -archived-at-<timestamp>, which is why the historical evidence displays the longer name.
The History shows the artifact’s lifecycle: created by CI, running in both environments, and eventually replaced by a newer version. Has provenance: true means the artifact was reported to Kosli by a CI pipeline, so its build history is known. The compliance state COMPLIANT means all required evidence was provided before deployment. The same information is available in the Kosli web interface.

Inspect the environment snapshot

The History shows the artifact started running in snapshot aws-prod#65. Query that snapshot to see everything running in production at that moment:
The output will be:
You can see runner:16d9990 is running with 3 replicas — the fix worked. You also notice two versions of runner running simultaneously: this is a blue-green deployment in progress. runner:85d83c6 (the old version, 1 replica) will be stopped in the next snapshot.

Diff two snapshots

To see exactly what changed between snapshots aws-prod#64 and aws-prod#65:
The response will be:
This confirms that runner:16d9990 is the only new artifact in snapshot 65 — exactly the commit that fixed the replica count.

What you’ve accomplished

You have traced a git commit from its creation in CI through deployment and into production, querying its compliance state, runtime replicas, and the exact moment it appeared in the environment — all without any direct access to aws-prod. From here you can:
Last modified on June 12, 2026