Add an Attachment to Evidence
You can attach a single, unstructured file — such as a PDF, penetration test report, signed contract, or architectural diagram — during the evidence creation process. This feature provides a tamper-proof, signed container for both your structured evidence and unstructured data, ensuring a complete end-to-end audit trail.
The attachment's metadata (including its name, SHA256 checksum, and file type) is embedded directly into the extended in-toto statement to ensure integrity.
You can add an attachment to your evidence using either the REST APIs or the JFrog CLI.
Updated about 5 hours ago