> ## Documentation Index > Fetch the complete documentation index at: https://docs.chainloop.dev/llms.txt > Use this file to discover all available pages before exploring further. # List pieces of evidence > List the pieces of evidence registered in your organization, these include SBOMs, vulnerability reports, attestations or more, optionally filtered by project name and project version. ## OpenAPI ````yaml https://api.app.chainloop.dev/openapi.yaml get /v1/evidence openapi: 3.0.1 info: contact: email: support@chainloop.dev name: Chainloop Support url: https://chainloop.dev termsOfService: https://chainloop.dev/terms title: Chainloop Platform API version: '1.0' servers: - url: https://api.app.chainloop.dev/ security: - bearerToken: [] tags: - description: AI-powered agent operations name: AgentsService - name: ArtifactService - name: AssessmentService - description: Service for polling the status of asynchronous operations name: AsyncOperationsService - name: AttestationsService - name: PolicyService - name: ComplianceService - name: ComponentService - name: EnvironmentsService - name: EvidenceService - name: FindingService - name: LogicalEnvironmentsService - name: ProductsService - name: ProjectsService - name: UserService externalDocs: description: Chainloop Official Documentation url: https://docs.chainloop.dev paths: /v1/evidence: get: tags: - EvidenceService summary: List pieces of evidence description: >- List the pieces of evidence registered in your organization, these include SBOMs, vulnerability reports, attestations or more, optionally filtered by project name and project version. operationId: EvidenceService_List parameters: - description: ProjectName is the name of the project to filter by in: query name: project_name schema: type: string - description: ProjectVersionName is the name of the project version to filter by in: query name: project_version_name schema: type: string - description: |- Kind is the type of evidence to filter by The type of evidence to filter by - CHAINLOOP_AI_AGENT_CONFIG: AI agent configuration collected automatically during attestation - UNKNOWN_KIND: Artifact kind is unknown — created from SBOM metadata when no matching attested artifact exists - CHAINLOOP_AI_CODING_SESSION: AI coding session evidence (e.g., Claude Code session traces) explode: true in: query name: kind schema: items: enum: - MATERIAL_TYPE_UNSPECIFIED - STRING - CONTAINER_IMAGE - ARTIFACT - SBOM_CYCLONEDX_JSON - SBOM_SPDX_JSON - JUNIT_XML - OPENVEX - HELM_CHART - SARIF - EVIDENCE - ATTESTATION - CSAF_VEX - CSAF_INFORMATIONAL_ADVISORY - CSAF_SECURITY_ADVISORY - CSAF_SECURITY_INCIDENT_RESPONSE - GITLAB_SECURITY_REPORT - ZAP_DAST_ZIP - BLACKDUCK_SCA_JSON - TWISTCLI_SCAN_JSON - GHAS_CODE_SCAN - GHAS_SECRET_SCAN - GHAS_DEPENDENCY_SCAN - JACOCO_XML - SLSA_PROVENANCE - CHAINLOOP_RUNNER_CONTEXT - CHAINLOOP_PR_INFO - GITLEAKS_JSON - CHAINLOOP_AI_AGENT_CONFIG - UNKNOWN_KIND - CHAINLOOP_AI_CODING_SESSION type: string type: array style: form - description: |- The cursor to start pagination from The cursor to start pagination from in: query name: pagination.cursor schema: type: string - description: |- The limit of the number of entries to return The maximum number of entries to return in: query name: pagination.limit schema: default: 10 format: int32 type: integer - description: If true, only the latest evidence for each kind and name is returned in: query name: latest schema: type: boolean - description: |- WorkflowName is the list of workflow names to filter by List of workflow names to filter by (DNS-1123 format) explode: true in: query name: workflow_name schema: items: type: string type: array style: form - description: >- Search provides a way to search evidence by name, subject name, or digest Search term to filter evidence by name, subject name, or digest (e.g., sha256:abc123...) in: query name: search schema: type: string - description: >- HideAttestation excludes attestation evidence from results when set to true If true, excludes attestation evidence from the results in: query name: hide_attestation schema: type: boolean - description: |- ProductID is the ID of the product to filter by ID of the product to filter evidence by in: query name: product_id schema: type: string - description: >- ProductVersionID is the ID of the product version to filter by ID of the product version to filter evidence by. Must be provided with product_id in: query name: product_version_id schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/v1EvidenceServiceListResponse' description: A successful response. '400': content: application/json: schema: $ref: '#/components/schemas/v1BadRequestResponse' description: Bad Request - The request was invalid or cannot be served. '401': content: application/json: schema: $ref: '#/components/schemas/v1UnauthorizedResponse' description: Unauthorized - Authentication is required. '403': content: application/json: schema: $ref: '#/components/schemas/v1PermissionDeniedResponse' description: Forbidden - You do not have permission to access this resource. '500': content: application/json: schema: $ref: '#/components/schemas/v1InternalServerErrorResponse' description: Internal Server Error - An unexpected error occurred on the server. default: content: application/json: schema: $ref: '#/components/schemas/rpcStatus' description: An unexpected error response. components: schemas: v1EvidenceServiceListResponse: description: Response for the List method example: pagination: next_cursor: next_cursor results: - workflow_id: workflow_id workflow_name: workflow_name uploaded_to_cas: true subject_version: subject_version annotations: key: annotations created_at: '2000-01-23T04:56:07.000Z' project_name: project_name latest_in_project: true policies_total: 2 project_version_name: project_version_name project_id: project_id ingestion_finished_at: '2000-01-23T04:56:07.000Z' digest: digest id: id workflow_run_id: workflow_run_id policies_passed: 5 kind: kind latest_in_project_version: true ingestion_started_at: '2000-01-23T04:56:07.000Z' organization_name: organization_name project_version_id: project_version_id ingestion_has_error: true policy_status_summary: violated: 5 total: 0 has_gates: true passed: 6 status: RUN_POLICY_STATUS_UNSPECIFIED skipped: 1 organization_id: organization_id name: name subject_name: subject_name - workflow_id: workflow_id workflow_name: workflow_name uploaded_to_cas: true subject_version: subject_version annotations: key: annotations created_at: '2000-01-23T04:56:07.000Z' project_name: project_name latest_in_project: true policies_total: 2 project_version_name: project_version_name project_id: project_id ingestion_finished_at: '2000-01-23T04:56:07.000Z' digest: digest id: id workflow_run_id: workflow_run_id policies_passed: 5 kind: kind latest_in_project_version: true ingestion_started_at: '2000-01-23T04:56:07.000Z' organization_name: organization_name project_version_id: project_version_id ingestion_has_error: true policy_status_summary: violated: 5 total: 0 has_gates: true passed: 6 status: RUN_POLICY_STATUS_UNSPECIFIED skipped: 1 organization_id: organization_id name: name subject_name: subject_name properties: results: items: $ref: '#/components/schemas/v1EvidenceListItem' title: Results is the list of evidence type: array pagination: $ref: '#/components/schemas/v1CursorPaginationResponse' title: EvidenceServiceListResponse type: object v1BadRequestResponse: description: Response for bad request example: code: 0 details: - details - details message: message properties: code: default: 3 description: >- The error code indicating the type of error. It's fixed to 3, which is the code for INVALID_ARGUMENT. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: BadRequestResponse type: object v1UnauthorizedResponse: description: Response for unauthorized access example: code: 6 details: - details - details message: message properties: code: default: 16 description: >- The error code indicating the type of error. It's fixed to 16, which is the code for UNAUTHENTICATED. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: UnauthorizedResponse type: object v1PermissionDeniedResponse: description: Response for permission denied example: code: 1 details: - details - details message: message properties: code: default: 7 description: >- The error code indicating the type of error. It's fixed to 7, which is the code for PERMISSION_DENIED. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: PermissionDeniedResponse type: object v1InternalServerErrorResponse: description: Response for internal server error example: code: 5 details: - details - details message: message properties: code: default: 13 description: >- The error code indicating the type of error. It's fixed to 13, which is the code for INTERNAL_ERROR. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: InternalServerErrorResponse type: object rpcStatus: example: code: 5 details: - '@type': '@type' - '@type': '@type' message: message properties: code: format: int32 type: integer message: type: string details: items: $ref: '#/components/schemas/protobufAny' type: array type: object v1EvidenceListItem: description: It represents an item in the list of evidence example: workflow_id: workflow_id workflow_name: workflow_name uploaded_to_cas: true subject_version: subject_version annotations: key: annotations created_at: '2000-01-23T04:56:07.000Z' project_name: project_name latest_in_project: true policies_total: 2 project_version_name: project_version_name project_id: project_id ingestion_finished_at: '2000-01-23T04:56:07.000Z' digest: digest id: id workflow_run_id: workflow_run_id policies_passed: 5 kind: kind latest_in_project_version: true ingestion_started_at: '2000-01-23T04:56:07.000Z' organization_name: organization_name project_version_id: project_version_id ingestion_has_error: true policy_status_summary: violated: 5 total: 0 has_gates: true passed: 6 status: RUN_POLICY_STATUS_UNSPECIFIED skipped: 1 organization_id: organization_id name: name subject_name: subject_name properties: id: description: Unique identifier of the evidence title: ID is the unique identifier of the evidence type: string name: description: Name of the evidence title: Name is the name of the evidence type: string digest: description: Cryptographic digest of the evidence content title: Digest is the digest of the evidence type: string kind: description: Type of evidence (e.g., SBOM, attestation, vulnerability report) title: Kind is the type of evidence type: string subject_name: description: >- Name of the subject related to the evidence eg: name of the artifact, container image etc title: The name of the subject related to the evidence type: string subject_version: description: Version of the subject related to the evidence title: The version of the subject related to the evidence type: string annotations: additionalProperties: type: string description: Custom key-value pairs associated with the evidence title: Annotations are key-value pairs associated with the evidence type: object organization_id: description: ID of the organization that owns the evidence title: OrganizationID is the ID of the organization that owns the evidence type: string organization_name: description: Name of the organization that owns the evidence title: >- OrganizationName is the name of the organization that owns the evidence type: string workflow_id: description: ID of the workflow that created the evidence title: WorkflowID is the ID of the workflow that created the evidence type: string workflow_name: description: Name of the workflow that created the evidence title: WorkflowName is the name of the workflow that created the evidence type: string workflow_run_id: description: ID of the workflow run that created the evidence title: >- WorkflowRunID is the ID of the workflow run that created the evidence type: string project_id: description: ID of the project that owns the evidence title: ProjectID is the ID of the project that owns the evidence type: string project_name: description: Name of the project that owns the evidence title: ProjectName is the name of the project that owns the evidence type: string project_version_id: description: ID of the project version that owns the evidence title: >- ProjectVersionID is the ID of the project version that owns the evidence type: string project_version_name: description: Name of the project version that owns the evidence title: >- ProjectVersionName is the name of the project version that owns the evidence type: string created_at: description: Timestamp when the evidence was created format: date-time title: CreatedAt is the timestamp when the evidence was created type: string latest_in_project: description: >- Indicates whether this evidence is the most recent of its kind and name within the project title: >- LatestInProject indicates whether this evidence is the most recent of its kind and name within the project type: boolean latest_in_project_version: description: >- Indicates whether this evidence is the most recent of its kind and name within the project version title: >- LatestInProjectVersion indicates whether this evidence is the most recent of its kind and name within the project version type: boolean uploaded_to_cas: description: >- Indicates whether the evidence has been uploaded to the content addressable storage title: >- UploadedToCas indicates whether the evidence has been uploaded to the content addressable storage type: boolean ingestion_started_at: description: >- Timestamp when SBOM ingestion processing started (only for SBOM evidence types) format: date-time title: >- IngestionStartedAt is the timestamp when SBOM ingestion processing started type: string ingestion_finished_at: description: >- Timestamp when SBOM ingestion processing finished (only for SBOM evidence types) format: date-time title: >- IngestionFinishedAt is the timestamp when SBOM ingestion processing finished type: string ingestion_has_error: description: >- Indicates whether SBOM ingestion failed (only for SBOM evidence types) title: IngestionHasError indicates whether SBOM ingestion failed type: boolean policy_status_summary: $ref: '#/components/schemas/v1RunPolicyStatusSummary' policies_passed: description: >- Number of policy evaluations that passed (convenience for x/N display) format: int32 title: PoliciesPassed is the number of policy evaluations that passed type: integer policies_total: description: Total number of policy evaluations (convenience for x/N display) format: int32 title: PoliciesTotal is the total number of policy evaluations type: integer title: EvidenceListItem type: object v1CursorPaginationResponse: description: Pagination information for cursor-based pagination example: next_cursor: next_cursor properties: next_cursor: description: The next cursor to start pagination from title: The next cursor to start pagination from type: string title: CursorPaginationResponse type: object protobufAny: additionalProperties: type: object example: '@type': '@type' properties: '@type': type: string type: object v1RunPolicyStatusSummary: description: >- RunPolicyStatusSummary bundles the canonical RunPolicyStatus with per-evaluation counters for a workflow run. Mirrors controlplane.v1.PolicyStatusSummary. example: violated: 5 total: 0 has_gates: true passed: 6 status: RUN_POLICY_STATUS_UNSPECIFIED skipped: 1 properties: status: $ref: '#/components/schemas/v1RunPolicyStatus' total: description: Total number of policy evaluations that ran format: int32 title: Total number of policy evaluations type: integer passed: description: Number of evaluations with no violations and not skipped format: int32 title: Number of evaluations that passed type: integer skipped: description: Number of evaluations that were skipped format: int32 title: Number of evaluations that were skipped type: integer violated: description: Total number of violations across all evaluations format: int32 title: Total number of violations across all evaluations type: integer has_gates: description: >- Whether any policies had gates in effect (gate:true or ENFORCED strategy) title: Whether any policies had gates in effect type: boolean type: object v1RunPolicyStatus: default: RUN_POLICY_STATUS_UNSPECIFIED description: >- RunPolicyStatus is the canonical, categorical policy outcome for a workflow run. Named "Run" to distinguish from the per-policy PolicyStatus message in policies.proto. enum: - RUN_POLICY_STATUS_UNSPECIFIED - RUN_POLICY_STATUS_NOT_APPLICABLE - RUN_POLICY_STATUS_PASSED - RUN_POLICY_STATUS_SKIPPED - RUN_POLICY_STATUS_WARNING - RUN_POLICY_STATUS_BLOCKED - RUN_POLICY_STATUS_BYPASSED type: string securitySchemes: bearerToken: description: Bearer token for authentication type: http scheme: bearer bearerFormat: JWT ````