Deploy Evidence

JFrog REST APIs
Content Type
REST API

Subscription Information

This feature is supported with the Enterprise+ license.

Description: Deploys an evidence file for the designated subject that complies with the DSSE framework and the in-toto Attestation Framework. For details about the sequence of events during deployment, see Evidence Deployment Workflow.Evidence Deployment Workflow

Important

This API endpoint deploys an external evidence file that was created elsewhere. An efficient method for attaching evidence to a subject, such as an artifact, is to use the Create Evidence CLI. Using the CLI ensures that the payload conforms to the in-toto framework and that the envelope conforms to the DSSE framework. The CLI invokes the Deploy Evidence API to upload the evidence to Artifactory.Evidence PayloadEvidence Envelope

Since: 7.104.2

Security: Requires a valid token; requires Read and Annotate permissions to the subject repository path

Note

It is possible to use a scoped token based on a specified repository, or (starting with release 7.115.1) specified artifacts. Using a scoped token enables administrators to limit users to specific resources when deploying evidence. In both cases, the scoped token must include the Annotate action. For more information, see Create Scoped Token.Artifactory 7.115.3 Cloud

Usage: POST /evidence/api/v1/subject/{subject-repo-path}

Content Type: application/json

Sample Request:

curl -T evidence.json -X POST "{artifactory-host}/evidence/api/v1/subject/{subject-repository-path}

Sample Response:

{
    "repository": "commons-dev-generic-local",
    "path": "commons/1.0.0/file.txt",
    "name": "code-review-1717748704938.json",
    "uri": "commons-dev-generic-local/.evidence/6899195b7f70e1362509b729a278ee58311b366f38630281c70dfc2ebeb20f4d/69d29925ba75eca8e67e0ad99d1132b47d599c206382049bc230f2edd2d3af30/code-review-1717748704938.json",
    "sha256": "cb3ba23a1da137668c03fd609b6fc4c1a35b6fd5cc98cce238465f8170a57a7a",
    "predicate_category": "Quality",
    "predicate_type": "https://jfrog.com/evidence/code-review/v0.1",
    "predicate_slug": "code-review",
    "created_at": "2025-01-01T00:00:00.000Z",
    "created_by": "admin"
}

Status Codes:

Code

Description

201

Created

401

Bad Credentials

403

Permission Denied

404

Not Found