Get Evidence by ID (GraphQL)

Description: Returns the requested data for a single, known evidence file as defined by its ID. The query is based on JFrog's One Model GraphQL framework.

Important

When operating in a Self-Hosted environment, you must enable the Evidence service in the system.yamlArtifactory System YAML file as a prerequisite to using this endpoint. Add the following:

evidence:
  enabled: true

Since: 7.129.1

Security: Requires a valid token; requires Read permissions to the subject repository

Usage: POST /onemodel/api/v1/graphql

Sample query:

query {
  evidence {
    getEvidenceById(id: "c953a2ecbf8a44463011aad1e892b8ae27305b624ab5681920df60a8964a2cbf evidence-123") {
      id
      name
      predicateType
      createdBy
      createdAt
    }
  }
}

Detailed Object Types

The object types that you include in the search query determine which data is returned about the evidence file.

Evidence Type

This type represents a single evidence record.

Field	Type	Description
`id`	string	A unique identifier.
`downloadPath`	string	The full path for downloading the evidence JSON file.
`name`	string	The name of the evidence file (for example, sbom.cyclonedx.json).
`sha256`	sha256	The checksum of the evidence file.
`subject`	EvidenceSubject	Details about the evidence subject.
`predicateType`	string	The URI type associated with the predicate.
`predicateSlug`	string	A simplified version of the `predicateType` provided for better readability. For example, the predicateType https://jfrog.com/evidence/release-bundle/v1 is shortened to release-bundle.
`predicate`	JSON	The contents of the claims contained in the evidence file. For more information, see Evidence Payload.Evidence Payload
`createdAt`	date	The timestamp of when the evidence file was created.
`createdBy`	string	The user or server who created the evidence.
`verified`	boolean	Indicates whether the evidence signature has been verified using the public key.
`signingKey`	EvidenceSigningKey	The name of the public key used to verify the evidence.
`providerId`	string	The ID of the system that provided the evidence.
`stageName`	string	The stage at which the evidence was added to the subject.Stages & Lifecycle

EvidenceSubject Type

This type describes the artifact or build that represents the evidence subject.

Field	Type	Description
`repositoryKey`	string	The repository that contains the subject.
`fullPath`	string	The full path to the file (<repositoryKey>/<path>/<name>).
`evidenceConnection`	EvidenceConnection	Connection to evidence associated with this subject (supports filtering & ordering).

EvidenceSigningKey Type

This type represents the key used to sign the evidence.

Field	Type	Description
`alias`	string	The alias of the signing key (for example, GPG-RSA).
`publicKey`	string	The public key used to verify the evidence signature.

Note

For details about fields that are common across all One Model domains, see One Model GraphQL Common Patterns and Conventions.

Status Codes:

Code	Message	Description
200	OK	The request was successful.
401	Bad Credentials	The request failed because the authentication token is invalid or expired.
403	Permission Denied	The request failed because the authenticated user does not have the required Read permissions for the subject repository.

Tip

For use cases and examples, see Get Evidence - Examples