kosli-dev · dangrondahl · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026
@@ -159,7 +159,19 @@
             "group": "Troubleshooting",
             "icon": "wrench",
             "pages": [
-              "troubleshooting/what_do_i_do_if_kosli_is_down"
+              "troubleshooting/what_do_i_do_if_kosli_is_down",
+              "troubleshooting/docker_api_version_error",
+              "troubleshooting/zsh_no_such_user",
+              "troubleshooting/github_kosli_api_token",
+              "troubleshooting/subshell_stderr",
+              "troubleshooting/whitespace_path"
+            ]
+          },
+          {
+            "group": "FAQ",
+            "icon": "circle-question",
+            "pages": [
+              "faq/faq"
             ]
           },
           {

@@ -0,0 +1,109 @@
+---
+title: FAQ
+description: "Frequently asked questions"
+---
+
+<AccordionGroup>
+
+<Accordion title="Where can I find API documentation?">
+Kosli API documentation is available for logged-in Kosli users at [app.kosli.com/api/v2/doc](https://app.kosli.com/api/v2/doc/).
+You can also find the link at [app.kosli.com](https://app.kosli.com) after clicking your avatar (top-right corner of the page).
+</Accordion>
+
+<Accordion title="Do I have to provide all the flags all the time?">
+A number of flags won't change their values often (or at all) between commands, like `--org` or `--api-token`. Some will differ between e.g. workflows, like `--flow`. You can define them as environment variables to avoid unnecessary redundancy. Check [Environment variables](/getting_started/install#assigning-flags-via-environment-variables) to learn more.
+</Accordion>
+
+<Accordion title="What is dry run and how to use it?">
+You can use dry run to disable writing to `app.kosli.com` — e.g. if you're just trying things out, or troubleshooting (dry run will print the payload the CLI would send in a non dry run mode).
+
+There are three ways to enable a dry run:
+1. Use the `--dry-run` flag (no value needed) to enable it per command
+2. Set the `KOSLI_DRY_RUN` environment variable to `true` to enable it globally (e.g. in your terminal or CI)
+3. Set the `KOSLI_API_TOKEN` environment variable to `DRY_RUN` to enable it globally (e.g. in your terminal or CI)
+</Accordion>
+
+<Accordion title="What is the --config-file flag?">
+A config file is an alternative to using Kosli flags or environment variables. Usually you'd use a config file for values that rarely change — like api token or org — but you can represent all Kosli flags in a config file. The key for each value is the same as the flag name, capitalized, so `--api-token` becomes `API-TOKEN`, and `--org` becomes `ORG`, etc.
+
+You can use JSON, YAML, or TOML format:
+
+<CodeGroup>
+```json kosli-conf.json
+{
+  "ORG": "my-org",
+  "API-TOKEN": "123456abcdef"
+}
+```
+
+```yaml kosli-conf.yaml
+ORG: "my-org"
+API-TOKEN: "123456abcdef"
+```
+
+```toml kosli-conf.toml
+ORG = "my-org"
+API-TOKEN = "123456abcdef"
+```
+</CodeGroup>
+
+When calling a Kosli command you can skip the file extension. For example, to list environments with `org` and `api-token` in the configuration file:
+
+```shell
+kosli list environments --config-file kosli-conf
+```
+
+`--config-file` defaults to `kosli`, so if you name your file `kosli.<yaml|toml|json>` and the file is in the same location as where you run Kosli commands from, you can skip the `--config-file` altogether.
+</Accordion>
+
+<Accordion title="Reporting the same artifact and evidence multiple times">
+If an artifact or evidence is reported multiple times there are a few corner cases:
+
+**Template** — When an artifact is reported, the template for the flow is stored together with the artifact. If the template has changed between reports, the last template is considered the template for that artifact.
+
+**Evidence** — If a given named evidence is reported multiple times, the compliance status of the last reported version is considered the compliance state of that evidence. If an artifact is reported multiple times with different git-commits, the last reported version of the named commit-evidence is considered the compliance state.
+
+**Evidence outside the template** — If an artifact has evidence (commit or artifact evidence) that is not part of the template, the state of the extra evidence will affect the overall compliance of the artifact.
+</Accordion>
+
+<Accordion title="How to set compliant status of generic evidence">
+The `--compliant` flag is a [boolean flag](#boolean-flags).
+To report generic evidence as non-compliant use `--compliant=false`:
+
+```shell
+kosli report evidence artifact generic server:1.0 \
+  --artifact-type docker \
+  --name test \
+  --description "generic test evidence" \
+  --compliant=false \
+  --flow server
+```
+
+`--compliant` is set to `true` by default, so to report as compliant simply skip the flag altogether.
+</Accordion>
+
+</AccordionGroup>
+
+## Boolean flags
+
+Flags with values can usually be specified with an `=` or with a **space** as a separator.
+For example, `--artifact-type=file` or `--artifact-type file`.
+However, an explicitly specified boolean flag value **must** use an `=`.
+For example, if you try this:
+```
+kosli attest generic Dockerfile --artifact-type file  --compliant true ...
+```
+You will get an error stating:
+```
+Error: accepts at most 1 arg(s), received 2
+```
+Here, `--artifact-type file` is parsed as if it was `--artifact-type=file`, leaving:
+```
+kosli attest generic Dockerfile --compliant true ...
+```
+Then `--compliant` is parsed as if *implicitly* defaulting to `--compliant=true`, leaving:
+```
+kosli attest generic Dockerfile true ...
+```
+The parser then sees `Dockerfile` and `true` as the two
+arguments to `kosli attest generic`.
@@ -1,30 +1,30 @@
 ---
 title: Kosli Learning Labs
 description: "A hands-on five-lab series taking you from your first Kosli account to full supply chain compliance enforcement."
 icon: flask
 ---

 These labs provide a progressive, practical introduction to Kosli's core features. You'll learn how to track your software delivery process from build through deployment, establish compliance requirements, and maintain complete visibility into your software supply chain.

 Each lab builds on the previous one — complete them in order.
 
 <Info>
-  Want something shorter first? [Try Kosli locally](/tutorials/get_familiar_with_Kosli) is a 10-minute Docker-based demo that requires no GitHub account or CI pipeline.
+  Want something shorter first? [Try Kosli locally](/tutorials/try_kosli_locally) is a 10-minute Docker-based demo that requires no GitHub account or CI pipeline.
 </Info>
 
 <Info>
  **Prerequisites**: A GitHub account, basic familiarity with Git and CI/CD concepts. No prior Kosli experience required.
 </Info>

 <CardGroup cols={2}>
  <Card title="Lab 1: Get Ready" icon="rocket" href="/labs/lab-01-get-ready">
    Create a Kosli account, fork the sample repository, and verify the CI/CD pipeline runs successfully.
  </Card>
  <Card title="Lab 2: Flows and Trails" icon="code-branch" href="/labs/lab-02-flows-and-trails">
    Install the Kosli CLI, create Flows and Trails, and integrate them into your GitHub Actions workflow.
  </Card>
  <Card title="Lab 3: Build Controls" icon="shield-check" href="/labs/lab-03-build-controls">
    Attest artifacts, attach JUnit test results, and generate and attest a Software Bill of Materials.
  </Card>
  <Card title="Lab 4: Release Controls" icon="lock" href="/labs/lab-04-release-controls">
    Define compliance requirements with Flow Templates and gate deployments with `kosli assert artifact`.
@@ -35,7 +35,7 @@
 </CardGroup>

 <Note>
  The labs use a sample Java application with a pre-built GitHub Actions pipeline. You'll progressively add Kosli integration to that pipeline across Labs 2–5.
 </Note>

 The standalone lab repository is also available at [github.com/kosli-dev/labs](https://github.com/kosli-dev/labs).
@@ -0,0 +1,23 @@
+---
+title: "Docker API version error in GitHub Actions"
+description: 'How to fix the "client version 1.47 is too new" error when running the Kosli CLI in GitHub Action workflows.'
+---
+
+## Error
+
+```
+Error response from daemon: client version 1.47 is too new. Maximum supported API version is 1.45
+```
+
+## Solution
+
+Set the `DOCKER_API_VERSION` environment variable in your workflow:
+
+```yaml
+env:
+  DOCKER_API_VERSION: "1.45"
+```
+
+## Context
+
+The latest Kosli CLI defaults to Docker API version 1.47, but GitHub Action workflows currently support a maximum of 1.45.
@@ -0,0 +1,21 @@
+---
+title: "GitHub can't see KOSLI_API_TOKEN secret"
+description: "How to make the KOSLI_API_TOKEN secret available in GitHub Actions workflows."
+---
+
+## Error
+
+Kosli CLI commands fail in GitHub Actions because `KOSLI_API_TOKEN` is not set, even though the secret exists in your repository.
+
+## Solution
+
+Add the secret to your workflow's environment variables explicitly:
+
+```yaml
+env:
+  KOSLI_API_TOKEN: ${{ secrets.kosli_api_token }}
+```
+
+## Context
+
+Secrets in GitHub Actions are not automatically exported as environment variables. You must map them explicitly in each workflow or job.
@@ -0,0 +1,28 @@
+---
+title: "CLI in subshell captures stderr"
+description: "How to handle Kosli CLI debug output being captured in subshell variables in CI workflows."
+---
+
+## Error
+
+When capturing Kosli CLI output in a subshell variable in CI, the variable contains debug output mixed with the expected value:
+
+```shell
+DIGEST="$(kosli fingerprint "${IMAGE_NAME}" --artifact-type=docker)"
+
+echo "DIGEST=${DIGEST}"
+DIGEST=[debug] calculated fingerprint: 2c6079df5829...
+2c6079df58292ed10e8074adcb74be549b7f841a1bd8266f06bb5c518643193e
+```
+
+## Solution
+
+Explicitly set `--debug=false` when running Kosli CLI commands in a subshell:
+
+```shell
+DIGEST="$(kosli fingerprint "${IMAGE_NAME}" --artifact-type=docker --debug=false)"
+```
+
+## Context
+
+The Kosli CLI writes debug information to `stderr` and all other output to `stdout`. In a local terminal, a `$(subshell)` captures only `stdout`. However, in many CI workflows (including GitHub and GitLab), `stdout` and `stderr` are multiplexed together, causing debug output to leak into captured variables.
@@ -0,0 +1,18 @@
+---
+title: "Path/Image name is a single whitespace character"
+description: "How to fix the whitespace path error when using multi-line Kosli CLI commands."
+---
+
+## Error
+
+```
+Error: failed to calculate artifact fingerprint: stat  : no such file or directory. The directory path is ' '.
+```
+
+## Solution
+
+Check your multi-line command for extraneous whitespace after line-continuation backslashes (`\`). Remove any spaces or tabs after the `\` on each line.
+
+## Context
+
+When using multi-line commands, whitespace added after a line-continuation backslash is interpreted as the artifact path or image name argument.
@@ -0,0 +1,25 @@
+---
+title: "zsh: no such user or named directory"
+description: "How to fix the zsh error when using arguments starting with ~ in Kosli CLI commands."
+---
+
+## Error
+
+```shell
+kosli list snapshots prod ~3..NOW
+```
+```plaintext
+zsh: no such user or named directory: 3..NOW
+```
+
+## Solution
+
+Wrap the argument in quotation marks (single or double):
+
+```shell
+kosli list snapshots prod '~3..NOW'
+```
+or
+```shell
+kosli list snapshots prod "~3..NOW"
+```