Audit evidence (call-site proof)
Full workflow
Complete guide (limitations, CI, published lens): audit-evidence
Why use CCE
Auditors ask: "Show me where the application accesses customer data, encryption keys, or identity APIs." Manual code searches are incomplete and don't survive repo churn. Compliance teams need durable, machine-readable evidence tied to file and line.
CCE produces call-site proof — structured JSON rows auditors can correlate with control frameworks without reading entire codebases.
Example command
cce -folder . -language AUTO -mapper-file https://releases.stackgen.com/cce/lenses/audit-evidence/latest/audit-evidence_lenses.yaml -filter all -format json -output audit-evidence.json
Published lens
https://releases.stackgen.com/cce/lenses/audit-evidence/latest/audit-evidence_lenses.yaml