Compliance evidence

Upload, review, approve, and sync evidence for selected frameworks.

Evidence paths

Agent finding evidence from validated security work.
User-uploaded file evidence.
Integration evidence from GitHub, Microsoft Entra, or Google Workspace.
Accepted risk records with owner, rationale, approval, and expiry.

Review model

Unreviewed evidence can provide context but should not be treated as passing. Manual and integration controls require traceable file-backed evidence, reviewer approval, and future expiry.