Kolide Fleet Is Retired

Jason Meller
November 5th, 2020
Please Note:
This article was originally published on the Kolide Fleet repository on GitHub in November 2020. We occasionally update this article to answer additional questions that have arisen since the original retirement announcement. Looking for an alternative? Check out our latest product.

What was Kolide Fleet?

Kolide Fleet was an open-source Osquery Fleet Manager that Kolide released in late 2017.

What does retiring entail?

Effective immediately, Kolide will no longer promote, endorse, support, or update Fleet. Any infrastructure outside of GitHub supporting downloads or packages will also be retired.

Since we will not be updating Fleet with any security patches or accepting bug bounty reports, it is important that you find a suitable alternative right away.

Is Kolide retiring Kolide Launcher? (The Kolide Agent)

No. Kolide Launcher is a major component of our SaaS product, and we fervently believe in keeping the endpoint agent technology open-source.

Why is Kolide retiring Fleet?

We are proud and humbled by all of the organizations using Fleet today. We think it’s a great solution to monitor server-based infrastructure using Osquery. We recognize many organizations depend on Fleet, so retiring it was not a decision we took lightly.

Since 2019, Kolide has found success building a SaaS endpoint security product around the philosophy of Honest Security. This philosophy is about building a foundation of trust between the security team and the end-users of a given organization.

When Fleet is used to obtain visibility on end-user devices, it is not software that enables an honest and accountable relationship between the security team and the end-users who are subject to the data collection Fleet enables.

Specifically, Kolide Fleet allowed administrators to use Osquery to vacuum up large quantities of end-user data without providing those users with any visibility or tools to understand or control that process. Fleet does not hold security practitioners accountable for the data they collect or how it will be ultimately used. In fact, many folks reach out to us asking how to use Fleet and Osquery together to collect things like:

  • Web browser history
  • Device geolocation
  • The contents of private chat conversations
  • End-user productivity analysis (which apps are open, which one is in the foreground, when the mouse was last moved)

Even though we never would assist administrators of Fleet with these requests, many were able to find ways to obtain this data and ultimately use our product to achieve objectives that are antithetical to our company’s values.

At Kolide, these values are non-negotiable, and we no longer want to build software under our name and branding that enables those use cases. Since releasing Fleet, we have launched a successful SaaS alternative built to enable our honest security vision.

Given the facts above, we have decided it is in our best interest to retire the project and thoroughly explain our rationale to the community.

What should I use instead of Fleet?

Kolide no longer endorses the use of Fleet for monitoring end-user devices.

If you are looking to get additional visibility on end-user devices and want to do it honestly, you should check out our current offering. It’s a refreshing take on how to use technologies like Osquery and Slack to achieve the security team’s goals while simultaneously respecting end-users and their privacy.

If you use Fleet to monitor servers and are looking for a direct migration path, check out FleetDM, which has built an open-core paid offering on top of the original MIT-licensed Kolide Fleet source code.

Also, since Fleet is open source under the permissive MIT license, you are of course free to fork it and build your own version. Our only ask is you do not associate Kolide or our branding as a means of promoting or endorsing any derivative of Fleet you create.

Where is the Fleet source code?

Since we retired Kolide Fleet, several security vulnerabilities in its third-party dependencies have been discovered. We do not recommend users of Fleet run the original source code without mitigating these vulnerabilities.

To discourage usage, we have deleted the code. Older versions can be found in the commit history and the past releases.
