Skip to content
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 15 additions & 7 deletions auditlog.cue
Original file line number Diff line number Diff line change
Expand Up @@ -67,23 +67,31 @@ package gemara
required: *false | bool
}

// Evidence records a specific data source consulted during an audit
// Evidence records what was cited to support an opinion for a specific activity:
// raw data for the evaluation layer, evaluation and enforcement artifacts for the audit layer.
#Evidence: {
// id uniquely identifies this evidence
id?: string
id: string

// type categorizes the kind of evidence
type: #EvidenceType

// collected is the timestamp when the evidence was gathered
collected: #Datetime @go(Collected)
// collected-at is the timestamp when the evidence was gathered
"collected-at": #Datetime @go(CollectedAt)

// payload is the raw evidence data collected
payload?: _ @go(Payload,type=any)

// location references the artifact containing this evidence
location: #ArtifactMapping
// digest is a hash of the evidence content at collection time for integrity verification.
// Enables verification that mutable evidence (S3 objects, HTTP URLs, API responses)
// has not changed since the tool observed it. Not needed for content-addressable systems
// (OCI, git) or inline payloads.

Comment thread
eddie-knight marked this conversation as resolved.
Outdated
// description explains what this evidence represents
description?: string
}

// EvidenceType categorizes the kind of evidence collected during an audit
// EvidenceType categorizes the kind of evidence. It remains an open enum:
// recommended values include artifact types already known to Gemara (e.g.
// EvaluationLog, EnforcementLog) plus categories for common evidence forms.
#EvidenceType: #ArtifactType | string @go(-)
2 changes: 2 additions & 0 deletions evaluationlog.cue
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ package gemara
recommendation?: string
// ConfidenceLevel indicates the evaluator's confidence level in this specific assessment result.
"confidence-level"?: #ConfidenceLevel @go(ConfidenceLevel)
// Evidence records the raw data cited to support this assessment's opinion.
evidence?: [#Evidence, ...#Evidence] @go(Evidence)
}

#AssessmentStep: string @go(-)
Expand Down
16 changes: 5 additions & 11 deletions test/test-data/good-audit-log.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -73,10 +73,8 @@ results:
evidence:
- id: EV-DO-01
type: EvaluationLog
location:
reference-id: eval-log
description: "PVTR evaluation results for documentation controls"
collected: "2025-08-22T16:02:00Z"
collected-at: "2025-08-22T16:02:00Z"
recommendations:
- id: REC-01
text: "Add user guide references to the Security Insights file and publish basic user documentation."
Expand All @@ -93,10 +91,8 @@ results:
evidence:
- id: EV-DO-02
type: EnforcementLog
location:
reference-id: enforcement-log
description: "Enforcement actions taken for documentation failures"
collected: "2025-08-22T16:05:00Z"
collected-at: "2025-08-22T16:05:00Z"
recommendations:
- id: REC-02
text: "Formalize the private vulnerability reporting process and document it in SECURITY.md."
Expand All @@ -112,8 +108,6 @@ results:
evidence:
- id: EV-QA-01
type: api-response
location:
reference-id: github-api
remarks: "GitHub dependency graph SBOM endpoint"
description: "Dependency manifests from GitHub dependency graph"
collected: "2026-02-10T15:05:00Z"
digest: "sha256:2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
Comment thread
eddie-knight marked this conversation as resolved.
Outdated
description: "Dependency manifests from the GitHub dependency graph SBOM endpoint"
collected-at: "2026-02-10T15:05:00Z"
8 changes: 8 additions & 0 deletions test/test-data/pvtr-baseline-scan.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,14 @@ evaluations:
steps-executed: 1
start: 2025-08-22T16:02:00.000000000Z
end: 2025-08-22T16:02:00.000003708Z
evidence:
- id: EV-AC-01-01
type: api-response
collected-at: 2025-08-22T16:02:00.000003000Z
payload:
login: revanite-io
two_factor_requirement_enabled: true
description: Organization settings showing org-wide MFA enforcement
control:
reference-id: OSPS-B
entry-id: OSPS-AC-01
Expand Down
Loading