Skip to main content

Documentation Index

Fetch the complete documentation index at: https://kosli-mintlify-62433367.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

In enterprises with strict network policies, all egress traffic to external services must go through an HTTP proxy. By the end of this tutorial, you will have an HTTP proxy running locally and the Kosli CLI configured to use it.
If you already have an HTTP proxy running, skip to Use the HTTP proxy with Kosli CLI.

Prerequisites

Start the HTTP proxy

We will use Tinyproxy running in Docker as our HTTP proxy. Create a minimal Tinyproxy configuration and start it: 
cat <<EOF > tinyproxy.conf
User nobody
Group nobody
Port 8888
EOF

docker run -p 8888:8888 -v $(PWD)/tinyproxy.conf:/etc/tinyproxy/tinyproxy.conf:ro kalaksi/tinyproxy
You should see Tinyproxy log output in the terminal, confirming it is listening on port 8888.

Use the HTTP proxy with Kosli CLI

In a new terminal, verify the setup by listing environments from the public cyber-dojo demo org: 
kosli list envs --org cyber-dojo --http-proxy http://localhost:8888 --api-token <your-token>
Your request is routed through the proxy and forwarded to Kosli. You should see output similar to: 
NAME                         TYPE  LAST REPORT                LAST MODIFIED              TAGS
aws-beta                     ECS   2024-04-18T15:17:54+02:00  2024-04-18T15:17:54+02:00  [url=https://beta.cyber-dojo.org/]
aws-prod                     ECS   2024-04-18T15:17:57+02:00  2024-04-18T15:17:57+02:00  [url=https://cyber-dojo.org/]
terraform-state-differ-beta  S3    2024-04-18T15:18:23+02:00  2024-04-18T15:18:23+02:00
terraform-state-differ-prod  S3    2024-04-18T15:18:17+02:00  2024-04-18T15:18:17+02:00

More examples

Once the proxy is running, any Kosli CLI command can be routed through it by adding the --http-proxy flag. Here are some common examples: Report a Docker image artifact through the proxy: 
kosli attest artifact my-app:latest \
  --artifact-type docker \
  --flow my-flow \
  --trail $(git rev-parse HEAD) \
  --name my-app \
  --http-proxy http://localhost:8888 \
  --api-token <your-token> \
  --org <your-org>
Snapshot a Kubernetes cluster through the proxy: 
kosli snapshot k8s my-k8s-env \
  --kubeconfig ~/.kube/config \
  --namespaces production \
  --http-proxy http://localhost:8888 \
  --api-token <your-token> \
  --org <your-org>
Attach a JUnit test attestation through the proxy: 
kosli attest junit \
  --name unit-tests \
  --flow my-flow \
  --trail $(git rev-parse HEAD) \
  --results-dir ./test-results \
  --http-proxy http://localhost:8888 \
  --api-token <your-token> \
  --org <your-org>
Request an approval through the proxy: 
kosli request approval my-app:latest \
  --artifact-type docker \
  --flow my-flow \
  --description "Approve release to production" \
  --http-proxy http://localhost:8888 \
  --api-token <your-token> \
  --org <your-org>

Persist the proxy configuration

Rather than passing --http-proxy on every command, save it to your Kosli config: 
kosli config --http-proxy=http://localhost:8888
All subsequent CLI commands will now route through the proxy automatically.

What you’ve accomplished

You have set up Tinyproxy as an HTTP proxy and configured the Kosli CLI to route all traffic through it. This pattern works with any HTTP proxy — replace http://localhost:8888 with your organisation’s proxy URL and run kosli config --http-proxy=<your-proxy-url> to apply it globally.
Last modified on May 6, 2026