Skip to content

Audit evidence (call-site proof)

Full workflow

Complete guide (limitations, CI, published lens): audit-evidence

Why use CCE

Auditors ask: "Show me where the application accesses customer data, encryption keys, or identity APIs." Manual code searches are incomplete and don't survive repo churn. Compliance teams need durable, machine-readable evidence tied to file and line.

CCE produces call-site proof — structured JSON rows auditors can correlate with control frameworks without reading entire codebases.

Example command

cce -folder . -language AUTO -mapper-file https://releases.stackgen.com/cce/lenses/audit-evidence/latest/audit-evidence_lenses.yaml -filter all -format json -output audit-evidence.json

Published lens

https://releases.stackgen.com/cce/lenses/audit-evidence/latest/audit-evidence_lenses.yaml