Skip to content

Evidence

Path: /evidence

Evidence

The evidence repository stores documents, screenshots, and files that prove your controls are working. Evidence is stored in S3-compatible object storage (Cloudflare R2, AWS S3, or a self-hosted MinIO).

Prerequisites — object storage required

Evidence upload and download are not turnkey out of the box. They need an S3-compatible object store that you supply. A stock Community Edition install ships with object storage unset, so the demo's all-green evidence repository reflects its pre-wired storage, not a default install.

To enable, configure one of:

  • Cloudflare R2 / AWS S3 / any S3-compatible endpoint — set R2_ENDPOINT_URL (or CF_ACCOUNT_ID), R2_ACCESS_KEY_ID, and R2_SECRET_ACCESS_KEY (plus the bucket), or
  • The bundled MinIO sidecar — enable the optional minio service in the Compose stack and point the same storage settings at it.

Without object storage configured, every upload, download, and listing call returns HTTP 503 — "Evidence storage service is unavailable"; the rest of the platform keeps working. The in-app Setup readiness checklist on the Dashboard flags Evidence Storage as Needs setup with the key to set. See Admin Settings to configure.

Key Elements

  • Upload button — Upload new evidence files (PDFs, screenshots, config exports).
  • Evidence list — Shows filename, type, upload date, linked controls, and verification status.
  • Verification — Evidence can be cryptographically verified using SHA-256 hashes.

How to Upload Evidence

  1. Click Upload.
  2. Select files from your computer (up to 100MB per file).
  3. Tag the evidence with the relevant control IDs.
  4. Add a description explaining what this evidence proves.

Note

Evidence storage requires S3-compatible object storage (R2/S3 or the MinIO sidecar) — see the prerequisites callout at the top of this page. Until it is configured, these upload/download actions return HTTP 503.