Access compliance and security evidence items generated during workflow execution to meet audit and regulatory requirements. Use evidence data to verify security scan results, software bills of materials (SBOM), attestations, and other compliance artifacts from workflow runs.
| Before you begin, ensure your workflow publishes evidence using the appropriate action. Refer to Publish evidence items for configuration details. |
Access evidence from workflow runs
To navigate to evidence data for a specific workflow run:
-
Select
, then select an organization. -
Select Runs from the left panel. The runs list displays workflow runs for the selected organization.
-
Select the run name link for the workflow run you want to analyze. The run details page displays.
-
Select the Jobs tab in the left panel.
-
Select the EVIDENCE tab in the right panel. The evidence interface displays with job-based evidence organization.
Navigate the evidence interface
The evidence interface organizes compliance artifacts by workflow job execution. Use the interface controls to locate and review specific evidence items.
Use workflow view controls
To navigate the evidence display:
-
Switch between workflow views by selecting
.-
Graphical view displays jobs in a visual workflow representation
-
Outline view displays jobs in a hierarchical list format
-
-
Select a job that contains evidence in the left panel. The evidence details display in the right panel for the selected job.
Review evidence details
The evidence interface provides tools to access, review, and manage compliance artifacts.
Access evidence content
To review evidence data:
-
Select a job containing evidence from the job list. The evidence content displays in the right panel.
-
Review the evidence in the default formatted view. The interface presents evidence with appropriate formatting for readability.
-
Switch to raw format by selecting Raw. The raw view displays the unformatted evidence data for technical analysis.
Manage evidence data
To work with evidence files:
-
Download evidence by selecting
.
The evidence file downloads to your local system for offline analysis. -
Copy evidence content by selecting
.
The evidence content copies to your clipboard for use in other tools or documentation.
Interpret evidence types
Evidence items may include:
-
Security scan results: Vulnerability findings, security analysis reports, and compliance check outcomes
-
Software bills of materials (SBOM): Component inventories, dependency lists, and license information
-
Attestations: Digital signatures, verification records, and compliance certifications
-
Custom evidence items: Workflow-specific compliance artifacts and audit trail information
Use evidence data to demonstrate compliance, support audit requirements, and verify security posture for your applications.