Description: Returns the requested data for the evidence file defined by the One Model GraphQL query. Use the query to determine what data about the file is returned.
Tip
Use the Search Evidence API to return data about all the evidence files associated with a particular subject.
Since: 7.104.2
Security: Requires a valid token; requires Read permissions to the subject repository
Usage: POST /onemodel/api/v1/graphql
Sample Usage:
curl --location -X POST -H "Content-Type: application/json" -H "Authorization: Bearer *******" https://johnf.company.io/onemodel/api/v1/graphql -d '{"query":""}'
Sample query in GraphQL format (for readability):
{
evidence {
getEvidence(
repositoryKey: "commons-dev-docker-local"
path: "commons/1.0.1/manifest.json"
name: "approval-1750675650147-e36a8807-b308-4584-8a10-9c7f57879900.json"
) {
name
path
repositoryKey
downloadPath
sha256
predicateSlug
predicateCategory
predicateType
predicate
createdAt
createdBy
verified
signingKey {
alias
}
}
}
}Tip
Use a GraphQL to JSON body converter (available online) to create the proper payload for the REST API POST request. Alternatively, the GraphQL query can be used in tools such as GraphiQL.
The query uses the following criteria to determine which evidence file to include in the response:
Field | Subfield | Mandatory/Optional | Description |
|---|---|---|---|
| optional | The full repository path of the evidence file, which can be used for downloading the file. | |
|
| The evidence subject. | |
|
| mandatory | The name of the repository that contains the evidence file. |
|
| mandatory | The directory path + filename of the evidence subject. |
|
| mandatory | The filename of the evidence file. |
| optional | The checksum of the subject. |
The search query can include one or more of the following fields, which determine the data to return from the evidence file:
Field | Description |
|---|---|
| The checksum of the evidence file. |
| A simplified version of the For example, the predicateType https://jfrog.com/evidence/release-bundle/v1 is shortened to release-bundle. |
| The category in which the evidence file is classified, as defined by the
|
| The URL type associated with the predicate. For more information, see Evidence Payload. |
| The contents of the claims made in the evidence file. |
| The timestamp of when the evidence file was created. |
| The user who created the evidence. |
| Whether the evidence has been verified on the server side in Artifactory using the public key. |
| The name of the public key used to verify the evidence. |
Note
For details about fields that are common across all One Model domains, see One Model GraphQL Common Patterns and Conventions.
Sample response:
{
"data": {
"evidence": {
"getEvidence": {
"name": "approval-1750675650147-e36a8807-b308-4584-8a10-9c7f57879900.json",
"path": "commons/1.0.1/manifest.json",
"repositoryKey": "commons-dev-docker-local",
"downloadPath": "commons-dev-docker-local/.evidence/3b137c62cc4513fbd526fc664107d293e98574ee6759cff8d4ee63915769ab09/8a6c4f36883b7d9a70a503ec7363e129b6059bd00d97fb7867d03313c9942771/approval-1750675650147-e36a8807-b308-4584-8a10-9c7f57879900.json",
"sha256": "c7c394de20d5a58d365a459e14d2643d34ad6a1d86ce1dc58a5911269cf0fe4b",
"predicateSlug": "approval",
"predicateCategory": "Audit",
"predicateType": "https://jfrog.com/evidence/approval/v1",
"predicate": {
"branch": "main",
"message": "FROM python:3.11-alpine",
"revision": "7160b54d8b433e5df493dc67d139ea3660a555d6",
"url": "https://github.com/jfrog/evidence-demo.git"
},
"createdAt": "2025-06-23T10:47:29.576Z",
"createdBy": "itayke@jfrog.com",
"verified": false,
"signingKey": null
}
}
}
}Status Codes:
Code | Description |
|---|---|
200 | OK |
401 | Bad Credentials |
403 | Permission Denied |