Evidence JSON Output Format
{
"schemaVersion": "1.1",
"subject": {
"path": "cli-sigstore-test/readme.txt",
"sha256": "4bf2da010af20d8ed0364caf14f90bcab22b312520c68b9a01bb3479ba9a742c"
},
"evidenceVerifications": [
{
"mediaType": "sigstore.bundle",
"downloadPath": "cli-sigstore-test/.evidence/9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6/4bf2da010af20d8ed0364caf14f90bcab22b312520c68b9a01bb3479ba9a742c/in-toto-1754997455458-6c59e813.sigstore.json",
"evidenceSubjectSha256": "4bf2da010af20d8ed0364caf14f90bcab22b312520c68b9a01bb3479ba9a742c",
"predicateType": "in-toto",
"createdBy": "internal",
"createdAt": "2025-08-12T11:17:35.226Z",
"verificationResult": {
"sigstoreBundleVerificationStatus": "success",
"keySource": "Sigstore Bundle Key",
"sigstoreBundleVerificationResult": {
"mediaType": "application/vnd.dev.sigstore.verificationresult+json;version=0.1",
"signature": {
"certificate": {
"certificateIssuer": "CN=sigstore-intermediate,O=sigstore.dev",
"subjectAlternativeName": "[email protected]",
"issuer": "https://github.com/login/oauth"
}
},
"verifiedTimestamps": [
{
"type": "Tlog",
"uri": "https://rekor.sigstore.dev",
"timestamp": "2025-08-12T14:13:59+03:00"
}
],
"statement": {
"_type": "https://in-toto.io/Statement/v0.1",
"subject": [
{
"name": "readme.txt",
"digest": {
"sha256": "4bf2da010af20d8ed0364caf14f90bcab22b312520c68b9a01bb3479ba9a742c"
}
}
],
"predicateType": "in-toto",
"predicate": {
"signatures": [
{
"keyid": "cccc5b89f21daf1a830fb2ed57e58a4db2c69a1ce890f75fed8c224ff859ac52",
"sig": "60072285b50920cb9d1b971a26c3ffe9c38f0a40613bf34732e7f822427140d2d41be2171488c80ae3108159f1975d928079d23ede5bc8815aa463c5e3ba6fee3eb4803f7edbdf2b13749c7545147cb06ca7c4eb36c0e558e59e47abfd37e51396556440911a8669de033ce53081113bb7b6109387c75b5ad7683ca09fed54e75e79cc830a5b345c95f2dddbc2e3a4a13957cc79abf722a814a006ef1884de076555be24117792e56ab0bdd356353f9dfa59ae1b126fb4cdf35bd9f9bb7c3318493daa67c71b9ca52beedeaef8ec51352e4935817059a0eea0551831307bd32f56a67052fc0a49ea78a79fa795d7ad0e91ba1628c8073352bb87cf9a30c5e5e8"
}
],
"signed": {
"_type": "link",
"byproducts": {},
"command": [],
"environment": {},
"materials": {
"cli-sigstore-test/readme.txt": {
"sha256": "4bf2da010af20d8ed0364caf14f90bcab22b312520c68b9a01bb3479ba9a742c"
}
},
"name": "review",
"products": {}
}
}
}
}
},
"sigstoreBundle": {
"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
"verificationMaterial": {
"certificate": {
"rawBytes": "MIIC1DCCAlmgAwIBAgIULRjHOqv+rJhF/G0lBZoLTS+aVIgwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwODEyMTExMzU4WhcNMjUwODEyMTEyMzU4WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6ii+mTbtyWFX4wuwns1VVG4PgfZFgGE8GoR80QrZwO+43xhqwQPMb10K6u7HZpAtmd/R4w20Ur1bf5IWynu/ZaOCAXgwggF0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUQ6s/QhpWBh5htZS1sitnozNuxtcwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIQYDVR0RAQH/BBcwFYETbS5uLnNib2V2QGdtYWlsLmNvbTAsBgorBgEEAYO/MAEBBB5odHRwczovL2dpdGh1Yi5jb20vbG9naW4vb2F1dGgwLgYKKwYBBAGDvzABCAQgDB5odHRwczovL2dpdGh1Yi5jb20vbG9naW4vb2F1dGgwgYsGCisGAQQB1nkCBAIEfQR7AHkAdwDdPTBqxscRMmMZHhyZZzcCokpeuN48rf+HinKALynujgAAAZid/KpWAAAEAwBIMEYCIQC07aQIs2buIKMKvU/FTBra5DIWmQijsXeJmsJ2R7skDAIhAP9OL53vLhurZmkdvZY7z8syIz6MWx0Nn9z1BRve+zr0MAoGCCqGSM49BAMDA2kAMGYCMQCINrOMw7IQwQeV+sL/pUuKqyfgVIPoyIfZAvkHUahZxPQr+MwuZyKtjlTERed+qysCMQDOmlB5P0nbgYf729X3jNQVogjudb5gvzCh2q+5DNsL2MU8V8LMU9MClqbS2Phnaa0="
},
"tlogEntries": [
{
"logIndex": "384663545",
"logId": {
"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
},
"kindVersion": {
"kind": "dsse",
"version": "0.0.1"
},
"integratedTime": "1754997239",
"inclusionPromise": {
"signedEntryTimestamp": "MEQCIEvlmHCCpqe/SESzSiJYs7I0l1xo0wjkp55Hqzs7PZyfAiAQBWip2bdLC9jGdrqC5jUh7jpDXtMspm39WgHpY1ZQZw=="
},
"inclusionProof": {
"logIndex": "262759283",
"rootHash": "T3suG/0m4Ug8VVFRouRwMwkOCiaKfwCCXVx5Wbo7tZY=",
"treeSize": "262759291",
"hashes": [
"B+TQOcmTpwvR7G8ib0PYHPux1+uy//RvneS09HC1UUc=",
"8yj3IhuZYmqrD6MAMXRVRff0qPr7Pps+wFydkUu/2nk=",
"gnB97HxI1VEgkzYsrE6PUaMlAbZKlus0djZC96viFVk=",
"bulbrs9YBjTw6V+Fm9+qTpX2+VhX3sysIqE3FGmh6DA=",
"s37ryJoKRAn2KLzM0fSpFVxCTEIu8q0fE95bzCU6tgQ=",
"uC6W3RFv5bJStEw21zqnzQbrSiFihy8ptckzJFcSxRg=",
"xtyEVphcEzG/96KNmhNIKFSjUXgXrZmFOV1O1a9b9zs=",
"FF3tLh/GLnFFnqdFtgf8MwSb/O9LMy2pjCY7PuO1DW8=",
"YoEgIo6UbIQG1m4JekwsbsnWIOg1aPWFbdmpdInK4T8=",
"2VpjBQesVps7aYCGSoTnLDheXemnuKDJZV5h0TIwfnk=",
"A+pf5LrRaw1pUIBrEXvxlCBSrpGYwKUSUUR+8TZzHHw=",
"A2DD/z4NIt/ds/ydjXNGDrRNsoYzYJeVOLscCpnZoRE=",
"RXVm91E5aUthTwjsXUzPY4k6FpvmOU7CZf0CSgz/tmw=",
"WPadEZDHN5Cvj87YFyTrARGDa938D6WMdci1PUfEFO4=",
"hk65QDLT+VxJCmuxqqNkZmezcTNQnirH/6iH4JTnz+M=",
"jkSPx40FxcexzA4515LOSyhJ2X2zeK5UINJ5J+3SiaY=",
"4UEb5oiYfLnEfmBDb+rZMlzYP20NXNd6288+yuM/qus=",
"Q8AUdGrLOK/+q7Zpb5T3hpo2AMEg3qW2VHw5OtFthRI=",
"wLANT0NMxIRh/p5rRcam4MppSIbUXIfT1Ht9FQA2XnI="
],
"checkpoint": {
"envelope": "rekor.sigstore.dev - 1193050959916656506\n262759291\nT3suG/0m4Ug8VVFRouRwMwkOCiaKfwCCXVx5Wbo7tZY=\n\n— rekor.sigstore.dev wNI9ajBGAiEAkSaK5YnTI4HHuCCGQk5e2wqAEl0M3HxSGWaWZBKpA4gCIQDIlARnPTRtmyBmrX7F2mfHXm1jeJCDkSfCJMDhE68mRA==\n"
}
},
"canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiN2VjYWRkZDcwNGQ3OTVlODY2OTZlZmVmYWY3YWQ1MGJkZTMyNTViYjBmNGU5ZThkOTkzZjVmMWMxYWZiNTc5NCJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6ImFjYTFjNjQ1YmY3YWI0N2Y4ZGZiNWFlNTMwYzQ3Y2EyODZlZDk3ZjQyYmI3MGQ3MWJlNjk5ZTk3MDI3ZjNlNjkifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVRQ0lCRmdadVhKUjhlRWJtTERjSW1GSWx5amVFQTJrejRzTFo2RlBlTmQ1VHF2QWlCczFIWktxLzFrQlpaUFBIRGIxRlJWdytzNmVDN2FSVGN4RXg0T2pFOWFKQT09IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VNeFJFTkRRV3h0WjBGM1NVSkJaMGxWVEZKcVNFOXhkaXR5U21oR0wwY3diRUphYjB4VVV5dGhWa2xuZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwVmQwOUVSWGxOVkVWNFRYcFZORmRvWTA1TmFsVjNUMFJGZVUxVVJYbE5lbFUwVjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVTJhV2tyYlZSaWRIbFhSbGcwZDNWM2JuTXhWbFpITkZCblpscEdaMGRGT0VkdlVqZ0tNRkZ5V25kUEt6UXplR2h4ZDFGUVRXSXhNRXMyZFRkSVduQkJkRzFrTDFJMGR6SXdWWEl4WW1ZMVNWZDViblV2V21GUFEwRllaM2RuWjBZd1RVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVlJObk12Q2xGb2NGZENhRFZvZEZwVE1YTnBkRzV2ZWs1MWVIUmpkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMGxSV1VSV1VqQlNRVkZJTDBKQ1kzZEdXVVZVWWxNMWRVeHVUbWxpTWxZeVVVZGtkRmxYYkhOTWJVNTJZbFJCYzBKbmIzSkNaMFZGUVZsUEx3cE5RVVZDUWtJMWIyUklVbmRqZW05MlRESmtjR1JIYURGWmFUVnFZakl3ZG1KSE9XNWhWelIyWWpKR01XUkhaM2RNWjFsTFMzZFpRa0pCUjBSMmVrRkNDa05CVVdkRVFqVnZaRWhTZDJONmIzWk1NbVJ3WkVkb01WbHBOV3BpTWpCMllrYzVibUZYTkhaaU1rWXhaRWRuZDJkWmMwZERhWE5IUVZGUlFqRnVhME1LUWtGSlJXWlJVamRCU0d0QlpIZEVaRkJVUW5GNGMyTlNUVzFOV2tob2VWcGFlbU5EYjJ0d1pYVk9ORGh5Wml0SWFXNUxRVXg1Ym5WcVowRkJRVnBwWkFvdlMzQlhRVUZCUlVGM1FrbE5SVmxEU1ZGRE1EZGhVVWx6TW1KMVNVdE5TM1pWTDBaVVFuSmhOVVJKVjIxUmFXcHpXR1ZLYlhOS01sSTNjMnRFUVVsb0NrRlFPVTlNTlROMlRHaDFjbHB0YTJSMldsazNlamh6ZVVsNk5rMVhlREJPYmpsNk1VSlNkbVVyZW5Jd1RVRnZSME5EY1VkVFRUUTVRa0ZOUkVFeWEwRUtUVWRaUTAxUlEwbE9jazlOZHpkSlVYZFJaVllyYzB3dmNGVjFTM0Y1Wm1kV1NWQnZlVWxtV2tGMmEwaFZZV2hhZUZCUmNpdE5kM1ZhZVV0MGFteFVSUXBTWldRcmNYbHpRMDFSUkU5dGJFSTFVREJ1WW1kWlpqY3lPVmd6YWs1UlZtOW5hblZrWWpWbmRucERhREp4S3pWRVRuTk1NazFWT0ZZNFRFMVZPVTFEQ214eFlsTXlVR2h1WVdFd1BRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0ifV19fQ=="
}
]
},
"dsseEnvelope": {
"payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJpbi10b3RvIiwic3ViamVjdCI6W3sibmFtZSI6InJlYWRtZS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiNGJmMmRhMDEwYWYyMGQ4ZWQwMzY0Y2FmMTRmOTBiY2FiMjJiMzEyNTIwYzY4YjlhMDFiYjM0NzliYTlhNzQyYyJ9fV0sInByZWRpY2F0ZSI6eyJzaWduYXR1cmVzIjpbeyJrZXlpZCI6ImNjY2M1Yjg5ZjIxZGFmMWE4MzBmYjJlZDU3ZTU4YTRkYjJjNjlhMWNlODkwZjc1ZmVkOGMyMjRmZjg1OWFjNTIiLCJzaWciOiI2MDA3MjI4NWI1MDkyMGNiOWQxYjk3MWEyNmMzZmZlOWMzOGYwYTQwNjEzYmYzNDczMmU3ZjgyMjQyNzE0MGQyZDQxYmUyMTcxNDg4YzgwYWUzMTA4MTU5ZjE5NzVkOTI4MDc5ZDIzZWRlNWJjODgxNWFhNDYzYzVlM2JhNmZlZTNlYjQ4MDNmN2VkYmRmMmIxMzc0OWM3NTQ1MTQ3Y2IwNmNhN2M0ZWIzNmMwZTU1OGU1OWU0N2FiZmQzN2U1MTM5NjU1NjQ0MDkxMWE4NjY5ZGUwMzNjZTUzMDgxMTEzYmI3YjYxMDkzODdjNzViNWFkNzY4M2NhMDlmZWQ1NGU3NWU3OWNjODMwYTViMzQ1Yzk1ZjJkZGRiYzJlM2E0YTEzOTU3Y2M3OWFiZjcyMmE4MTRhMDA2ZWYxODg0ZGUwNzY1NTViZTI0MTE3NzkyZTU2YWIwYmRkMzU2MzUzZjlkZmE1OWFlMWIxMjZmYjRjZGYzNWJkOWY5YmI3YzMzMTg0OTNkYWE2N2M3MWI5Y2E1MmJlZWRlYWVmOGVjNTEzNTJlNDkzNTgxNzA1OWEwZWVhMDU1MTgzMTMwN2JkMzJmNTZhNjcwNTJmYzBhNDllYTc4YTc5ZmE3OTVkN2FkMGU5MWJhMTYyOGM4MDczMzUyYmI4N2NmOWEzMGM1ZTVlOCJ9XSwic2lnbmVkIjp7Il90eXBlIjoibGluayIsImJ5cHJvZHVjdHMiOnt9LCJjb21tYW5kIjpbXSwiZW52aXJvbm1lbnQiOnt9LCJtYXRlcmlhbHMiOnsiY2xpLXNpZ3N0b3JlLXRlc3QvcmVhZG1lLnR4dCI6eyJzaGEyNTYiOiI0YmYyZGEwMTBhZjIwZDhlZDAzNjRjYWYxNGY5MGJjYWIyMmIzMTI1MjBjNjhiOWEwMWJiMzQ3OWJhOWE3NDJjIn19LCJuYW1lIjoicmV2aWV3IiwicHJvZHVjdHMiOnt9fX19",
"payloadType": "application/vnd.in-toto+json",
"signatures": [
{
"sig": "MEQCIBFgZuXJR8eEbmLDcImFIlyjeEA2kz4sLZ6FPeNd5TqvAiBs1HZKq/1kBZZPPHDb1FRVw+s6eC7aRTcxEx4OjE9aJA=="
}
]
}
}
},
{
"mediaType": "evidence.dsse",
"downloadPath": "cli-sigstore-test/.evidence/9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6/4bf2da010af20d8ed0364caf14f90bcab22b312520c68b9a01bb3479ba9a742c/application-vnd.in-toto+json-1754997574225-1580ef2f.json",
"evidenceSubjectSha256": "4bf2da010af20d8ed0364caf14f90bcab22b312520c68b9a01bb3479ba9a742c",
"predicateType": "application/vnd.in-toto+json",
"createdBy": "[email protected]",
"createdAt": "2025-08-12T11:19:32.004Z",
"verificationResult": {
"sha256VerificationStatus": "success",
"signaturesVerificationStatus": "success",
"keySource": "User Provided Key",
"keyFingerprint": "/IyvutGSsuTPykv+mGtG4sph4TGh3Cl4HRNxbEZo1z4="
},
"dsseEnvelope": {
"payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJkaWdlc3QiOnsic2hhMjU2IjoiNGJmMmRhMDEwYWYyMGQ4ZWQwMzY0Y2FmMTRmOTBiY2FiMjJiMzEyNTIwYzY4YjlhMDFiYjM0NzliYTlhNzQyYyJ9fV0sInByZWRpY2F0ZVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuaW4tdG90bytqc29uIiwicHJlZGljYXRlIjp7InRlc3RzIjoicGFzcyJ9LCJjcmVhdGVkQXQiOiIyMDI1LTA4LTEyVDExOjE5OjMyLjAwNFoiLCJjcmVhdGVkQnkiOiJpdGF5a2VAamZyb2cuY29tIn0=",
"payloadType": "application/vnd.in-toto+json",
"signatures": [
{
"keyid": "",
"sig": "DbInvFvzG75nwTjoeZYPba3qHX/GlDBAJ6DSeJ7MofmErETiEtK1VCyFt1egB9XYi+1oZoDSwa9j69JvsOWUWuPrhUPd3KZDWdt4V/iYJqalKBZELBruplyknLIvnBSvDzsb6w1t/DFMgWUjAZ9e4BFbGc/GXNeo2ES1PRscTvQo5m0Gx9pU/InJsB93F6092cuGuEmgJiCy2QxSnnPZZglXqQ59pFoXoRFGRB27rFiYrZYyX+gOSKH5AiSaiCUl7qOz/61Ic3gf50zhUZLtoncFW2Mx957N/VHYjWwUojYmz4VhhISFTg8PE/5GIJT5GbemS/2tmKmBNefMUtHeNg=="
}
]
}
},
{
"mediaType": "evidence.dsse",
"downloadPath": "cli-sigstore-test/.evidence/9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6/4bf2da010af20d8ed0364caf14f90bcab22b312520c68b9a01bb3479ba9a742c/vulnerability-scan-1754998245527-ef414ee9.json",
"evidenceSubjectSha256": "4bf2da010af20d8ed0364caf14f90bcab22b312520c68b9a01bb3479ba9a742c",
"predicateType": "vulnerability-scan",
"createdBy": "[email protected]",
"createdAt": "2025-08-12T11:30:43.297Z",
"verificationResult": {
"sha256VerificationStatus": "success",
"signaturesVerificationStatus": "success",
"keySource": "Artifactory Key",
"keyFingerprint": "uz1SAgymeLMkH+lJ5ROCvbTCCnbwgUgy3zeDAR4J47k="
},
"dsseEnvelope": {
"payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJkaWdlc3QiOnsic2hhMjU2IjoiNGJmMmRhMDEwYWYyMGQ4ZWQwMzY0Y2FmMTRmOTBiY2FiMjJiMzEyNTIwYzY4YjlhMDFiYjM0NzliYTlhNzQyYyJ9fV0sInByZWRpY2F0ZVR5cGUiOiJ2dWxuZXJhYmlsaXR5LXNjYW4iLCJwcmVkaWNhdGUiOnsidGVzdHMiOiJwYXNzIn0sImNyZWF0ZWRBdCI6IjIwMjUtMDgtMTJUMTE6MzA6NDMuMjk3WiIsImNyZWF0ZWRCeSI6Iml0YXlrZUBqZnJvZy5jb20ifQ==",
"payloadType": "application/vnd.in-toto+json",
"signatures": [
{
"keyid": "RSA-EVD-MISHA",
"sig": "t3pAE+NUiAPM1iLUy/Y068uhRoG1ikF2nMaiaDtaLrmLGktDuatVl1O71OIqw+FVoyuMCa2j7Vdwb29/iZgkrqx6iDZB3ZFEwqjpCccfuoq3NJXWOI8V6WgW9GaNKZ3fSHvPVT00cpFpbrsEz44QMeScmliZuDiAfxOUrPuTeXgxMwexaaKRYtwv7vtGbndTxr5WkXoMkPY2feqd5AhI4VjvMDDDUYpB3HCcJz7JUVbPSy2QuGyabSuAOuvHtgIo1K607pELYpo27lb/0jbmZdKa47DtzwHRzJj2uaSldrAnYmX7B9Kv/2FRVVfFv05V09L1Jh/oKu7kqrEmZ11Inw=="
}
]
}
}
],
"overallVerificationStatus": "success"
}Updated 3 months ago