Search Evidence (REST API)

JFrog REST APIs
Content Type
REST API

Description: Returns evidence associated with a specific repository.

Since: 7.129.1

Security: Requires a valid token; requires Read permissions to the subject repository

Usage: GET https://{{artifactory-host}}/evidence/api/v1/evidence-search

Query Parameters:

Parameter

Required/Optional

Type

Description

repository_key

required

string

The repository key containing the evidence to return.

path

optional

string

Returns all evidence whose subject is located in this path.

name

optional

string

Returns all evidence whose subject includes this name.

sha256

optional

string

Returns all evidence whose subject has a matching checksum.

Response Body:

The response is a JSON object with a field named evidence that is a JSON array. Each piece of evidence returned in the response includes the following information:

Property

Type

Description

id

string

The unique ID of the evidence item.

repository

string

The repository that contains the evidence.

path

string

The path to the evidence subject.

subject

object

Contains details about the evidence subject, including the name and version.

name

string

The name of the evidence item.

uri

string

The complete URI of the evidence item.

sha256

string

The checksum of the evidence item.

predicate_type

string

The URI type associated with the predicate.

predicate_slug

string

A simplified version of the predicate_type provided for better readability.

created_at

string

The date and time when this evidence was created (ISO 8601 format).

created_by

string

The name of the user or process that created this version.

verified

boolean

Indicates whether the evidence signature has been verified using the public key.

signing_key

object

The name of the public key used to verify the evidence.

signing_key.alias

string

The alias of the public key as defined in Artifactory.

Sample Request:

curl -X GET -H "Authorization: Bearer $JF_TOKEN" 'http://localhost:8182/evidence/api/v1/evidence-search?repository_key=catalina-dev-generic-local&sha256=e06f59f5a976c7f4a5406907790bb8cad6148406282f07cd143fd1de64ca169d'

Sample Response:

{
 "evidence": [
  {
   "id": "c953a2ecbf8a44463011aad1e892b8ae27305b624ab5681920df60a8964a2cbf",
   "repository": "catalina-dev-generic-local",
   "path": "catalina-1.0.0.txt",
   "subject": {
    "name": "",
    "version": ""
   },
   "name": "code-review-1764774338805-fad48e87.json",
   "uri": "catalina-dev-generic-local/.evidence/317033130e3e29ba865eda5505b478460e7285e598be883cbfe47907a448e16d/e06f59f5a976c7f4a5406907790bb8cad6148406282f07cd143fd1de64ca169d/code-review-1764774338805-fad48e87.json",
   "sha256": "78bf5514e4c09eb1367a370337720509fc2bcbcfc770fe986eda758cbf6e4b7c",
   "predicate_category": "Custom",
   "predicate_type": "https://jfrog.com/evidence/code-review/v0.1",
   "predicate_slug": "code-review",
   "created_at": "2024-11-13T22:44:32.001Z",
   "created_by": "admin",
   "verified": true,
   "signing_key": {
    "alias": "PGP-RSA-2048"
   }
  }
 ]
}

Status Codes:

Code

Description

200

Success

400

Bad Request

403

Permission Denied

404

Not Found