Description: Returns the requested data about evidence files associated with the subject defined by the criteria in the GraphQL query. Use the query to define which subjects should return evidence and what evidence data is included about each one.
Tip: Use the Get Evidence API to return the details of a specific evidence file returned by this API.
Since: 7.104.2
Security: Requires a valid token; requires Read permissions to the subject repository
Usage: POST /onemodel/api/v1/graphql
Sample Usage:
curl --location -X POST -H "Content-Type: application/json" -H "Authorization: Bearer *******" https://johnf.company.io/onemodel/api/v1/graphql -d '{"query":""}'
Sample query in GraphQL format (for readability):
{ evidence { searchEvidence( where: {hasSubjectWith: {projectKey: "catalina", repositoryKey: "commons-dev-generic-local", path: "1/a", name: "file.txt", sha256:"69d29925ba75eca8e67e0ad99d1132b47d599c206382049bc230f2edd2d3af30"}} ) { totalCount pageInfo { hasNextPage hasPreviousPage startCursor endCursor } edges { cursor node { name path projectKey repositoryKey downloadPath sha256 predicateSlug predicateCategory predicateType predicate createdAt createdBy verified signingKey { alias } } } } } }
Sample query after conversion to JSON (for purposes of execution):
{ "query": "{ evidence { searchEvidence( where: {hasSubjectWith: {projectKey: \"catalina\", repositoryKey: \"commons-dev-generic-local\", path: \"1/a\", name: \"file.txt\", sha256:\"69d29925ba75eca8e67e0ad99d1132b47d599c206382049bc230f2edd2d3af30\"}} ) { totalCount pageInfo { hasNextPage hasPreviousPage startCursor endCursor } edges { cursor node { name path repositoryKey downloadPath sha256 predicateSlug predicateCategory predicateType predicate createdAt createdBy verified publicKey { alias } } } } }}" }
Tip: Use a GraphQL to JSON body converter (available online) to create the proper payload for the REST API POST request. Alternatively, the GraphQL query can be used in tools such as GraphiQL.
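The conversion can also be done locally, which avoids pasting repository names and checksums into an online tool. The following is an added example, not JFrog code: `build_search_body`, `FILTER_KEYS` and `DEFAULT_FIELDS` are hypothetical names, and the filter keys and field names are taken from the sample query on this page.

```python
import json
import re

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
# Filter keys taken from the sample query on this page.
FILTER_KEYS = ("projectKey", "repositoryKey", "path", "name", "sha256")
# Lightweight selection; the data-heavy `predicate` field is left out.
DEFAULT_FIELDS = ("name path repositoryKey downloadPath sha256 "
                  "predicateSlug createdAt createdBy verified")


def build_search_body(subject, fields=DEFAULT_FIELDS):
    """Return the JSON request body (a str) for a searchEvidence query.

    `subject` maps filter keys to caller-supplied strings; `fields` is a
    trusted, hard-coded selection and is not escaped.
    """
    unknown = sorted(set(subject) - set(FILTER_KEYS))
    if unknown:
        raise ValueError(f"unsupported filter keys: {unknown}")
    if not all(isinstance(v, str) for v in subject.values()):
        raise ValueError("filter values must be strings")
    if "sha256" in subject and not SHA256_RE.fullmatch(subject["sha256"]):
        raise ValueError("sha256 must be 64 hex characters")
    # json.dumps emits a quoted, escaped literal that is also a valid GraphQL
    # string, so quotes or braces inside a value stay inside the string.
    args = ", ".join(f"{k}: {json.dumps(subject[k])}"
                     for k in FILTER_KEYS if k in subject)
    query = ("{ evidence { searchEvidence( where: {hasSubjectWith: {" + args +
             "}} ) { totalCount pageInfo { hasNextPage endCursor } "
             "edges { cursor node { " + fields + " } } } } }")
    return json.dumps({"query": query})


if __name__ == "__main__":
    print(build_search_body({
        "repositoryKey": "commons-dev-generic-local",
        "path": "1/a",
        "name": "file.txt",
        "sha256": "69d29925ba75eca8e67e0ad99d1132b47d599c206382049bc230f2edd2d3af30",
    }))
```

The returned string is the value to pass to `-d` in the curl command shown under Sample Usage.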
The search query uses the following filter criteria to determine which evidence subjects are included in the response:
| Property | Sub-property | Mandatory/Optional | Description |
|---|---|---|---|
| hasSubjectWith | | | Defines the filter criteria related to the evidence subject. |
| | projectKey | optional | |
| | repositoryKey | optional | The repository key related to the evidence file. If this property is not defined, the Note: If both the |
| | path | optional | The directory path. |
| | name | optional | The subject filename. |
| | sha256 | optional | The checksum of the subject. |
The search query can include one or more of the following properties, which determine the data to return from each evidence file associated with the defined subject:
| Property | Sub-property | Description |
|---|---|---|
| node | | Defines which data to return from each evidence file associated with the defined subject. |
| | name | The name of the evidence file. |
| | path | The directory path of the evidence subject + the filename of the subject. |
| | repositoryKey | The name of the repository that contains the evidence file. |
| | downloadPath | The full repository path of the evidence file, which can be used for downloading the file. |
| | sha256 | The checksum of the evidence file. |
| | predicateSlug | A simplified version of the predicateType (after removing the http:// or https:// scheme, the query string, the trailing version, and the jfrog.com domain) provided for better readability. For example, the predicateType https://jfrog.com/evidence/release-bundle/v1 is shortened to release-bundle. |
| | predicateCategory | The category in which the evidence file is classified. Categories include: |
| | predicateType | The URL type associated with the predicate. For more information, see Evidence Payload. |
| | predicate | The contents of the claims made in the evidence file. |
| | createdAt | The timestamp of when the evidence file was created. |
| | createdBy | The user who created the evidence. |
| | verified | Whether the evidence has been verified on the server side in Artifactory using the public key. |
| | publicKey { alias } | The name of the public key used to verify the evidence. |
Note: As a general rule, it is recommended to limit the response data to those properties that are actually of interest. It is also recommended to avoid including properties such as predicate, which are relatively data-heavy. After returning the list of evidence files associated with the subject, you can use the Get Evidence API to return the predicate (that is, the contents) of the specific evidence file you are interested in.
Sample response:
{
"data": {
"evidence": {
"searchEvidence": {
"totalCount": 3,
"pageInfo": {
"hasNextPage": false,
"hasPreviousPage": false,
"startCursor": "ZXZpZGVuY2U6MQ==",
"endCursor": "ZXZpZGVuY2U6OA=="
},
"edges": [
{
"cursor": "ZXZpZGVuY2U6MQ==",
"node": {
"name": "code-review-1723466456662.json",
"path": "1/a/file.txt",
"repositoryKey": "commons-dev-generic-local",
"downloadPath": "commons-dev-generic-local/.evidence/f9f3100eea27f7884a9f3e6883d22191cc6cfd4a5421f2617bcf6b42f9a2f7a1/69d29925ba75eca8e67e0ad99d1132b47d599c206382049bc230f2edd2d3af30/code-review-1723466456662.json",
"sha256": "8b252e932373e05f82e5e1771505cae1e485736c2a48530c0ddc9fb3ae0a7767",
"predicateSlug": "code-review",
"predicateCategory": "Custom",
"predicateType": "https://jfrog.com/evidence/code-review/v0.1",
"predicate": {
"commiter": "Dennis Sheridan",
"review-result": "PASSED",
"reviewLink": "https://git.jfrog.com/commons/abc",
"reviewer": "Mickey Keller",
"timestamp": "2030-01-01T00:00:00.000Z"
},
"createdAt": "2025-01-01T00:00:00.000Z",
"createdBy": "admin",
"verified": false,
"publicKey": {
"alias": "RSA-4096"
}
}
},
{
"cursor": "ZXZpZGVuY2U6NQ==",
"node": {
"name": "code-review-1723477086000.json",
"path": "1/a/file.txt",
"repositoryKey": "commons-dev-generic-local",
"downloadPath": "commons-dev-generic-local/.evidence/f9f3100eea27f7884a9f3e6883d22191cc6cfd4a5421f2617bcf6b42f9a2f7a1/69d29925ba75eca8e67e0ad99d1132b47d599c206382049bc230f2edd2d3af30/code-review-1723477086000.json",
"sha256": "e4dea090445947bf1b1657ad3f1e06948d5d9951d6ec22ded8efc056c26c4a21",
"predicateSlug": "code-review",
"predicateCategory": "Custom",
"predicateType": "https://jfrog.com/evidence/code-review/v0.1",
"predicate": {
"commiter": "Dennis Sheridan",
"review-result": "PASSED",
"reviewLink": "https://git.jfrog.com/commons/abc",
"reviewer": "Itay Keller",
"timestamp": "2030-01-01T00:00:00.000Z"
},
"createdAt": "2025-01-01T00:00:00.000Z",
"createdBy": "super-long-token-name-that-breaks-creating-and-promoting-rele...",
"verified": false,
"publicKey": {
"alias": "RSA-4096"
}
}
},
{
"cursor": "ZXZpZGVuY2U6OA==",
"node": {
"name": "code-review-1723482847592.json",
"path": "1/a/file.txt",
"repositoryKey": "commons-dev-generic-local",
"downloadPath": "commons-dev-generic-local/.evidence/f9f3100eea27f7884a9f3e6883d22191cc6cfd4a5421f2617bcf6b42f9a2f7a1/69d29925ba75eca8e67e0ad99d1132b47d599c206382049bc230f2edd2d3af30/code-review-1723482847592.json",
"sha256": "e4dea090445947bf1b1657ad3f1e06948d5d9951d6ec22ded8efc056c26c4a21",
"predicateSlug": "code-review",
"predicateCategory": "Custom",
"predicateType": "https://jfrog.com/evidence/code-review/v0.1",
"predicate": {
"commiter": "Dennis Sheridan",
"review-result": "PASSED",
"reviewLink": "https://git.jfrog.com/commons/abc",
"reviewer": "Mickey Keller",
"timestamp": "2030-01-01T00:00:00.000Z"
},
"createdAt": "2025-01-01T00:00:00.000Z",
"createdBy": "super-long-token-name-that-breaks-creating-and-promoting-rele...",
"verified": false,
"publicKey": {
"alias": "RSA-4096"
}
}
}
]
}
}
}
}
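In the sample response every entry has `verified` set to false, so the presence of evidence alone says nothing about whether its signature was checked. The following added example (not JFrog code) shows a release gate that requires at least one verified entry per predicate slug and fails closed on errors or incomplete pages. `evaluate` and `SAMPLE` are hypothetical names, the response is constructed from the shape shown above, and the top-level `errors` key is standard GraphQL behaviour rather than something this page documents.

```python
import json

# Constructed response, trimmed from the shape of the sample response above.
SAMPLE = json.loads("""
{"data": {"evidence": {"searchEvidence": {
  "totalCount": 2,
  "pageInfo": {"hasNextPage": false},
  "edges": [
    {"node": {"name": "code-review-1.json", "predicateSlug": "code-review",
              "createdBy": "admin", "verified": false}},
    {"node": {"name": "release-bundle-1.json", "predicateSlug": "release-bundle",
              "createdBy": "ci-bot", "verified": true}}
  ]}}}}
""")


def evaluate(response, required_slugs):
    """Return (passed, findings) for a searchEvidence response."""
    if response.get("errors"):
        return False, [f"GraphQL error: {e.get('message')}"
                       for e in response["errors"]]
    search = (((response.get("data") or {}).get("evidence") or {})
              .get("searchEvidence") or {})
    findings = []
    # A further page may hold the evidence we need, so do not pass on a
    # partial result set.
    if (search.get("pageInfo") or {}).get("hasNextPage"):
        findings.append("result set is incomplete (hasNextPage is true)")
    nodes = [edge.get("node") or {} for edge in search.get("edges") or []]
    for slug in required_slugs:
        matching = [n for n in nodes if n.get("predicateSlug") == slug]
        if not matching:
            findings.append(f"{slug}: no evidence attached")
        elif not any(n.get("verified") is True for n in matching):
            names = ", ".join(n.get("name", "?") for n in matching)
            findings.append(f"{slug}: present but not verified ({names})")
    return not findings, findings


if __name__ == "__main__":
    print(evaluate(SAMPLE, ["code-review", "release-bundle"]))
```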
Status Codes:
Code | Description |
---|---|
200 | OK |
401 | Bad Credentials |
403 | Permission Denied |