Creating an Evidence Pack
An Evidence Pack is a ZIP file containing your security evidence (SOC 2 reports, pentest summaries, policies, etc.) along with a manifest that lists everything included. Your customers get a clear view of what you sent, and you both have a record of exactly what was shared.
What you'll create
The manifest lists every file you include, so your customer knows exactly what they received. When they review evidence next year, they can compare the new pack to the old one and see what changed.
manifest.json
An index of every file with its SHA-256 hash. Recipients can verify nothing was modified after you created the pack.
artifacts/
Your evidence files. Include whatever your customer needs: compliance reports, penetration test summaries, security policies, configuration exports.
The pack format is an open standard. Recipients can verify it with any compatible tool.
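The check a recipient runs against manifest.json, as an added example (not the project's own code and not the standard's actual schema). The manifest layout used here, a top-level "artifacts" list of objects with "path" and "sha256" fields, is an assumption, as are the function names; the sample pack is constructed.

```python
import hashlib
import io
import json
import zipfile

def verify_pack(zip_bytes):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        if "manifest.json" not in names:
            return ["manifest.json missing"]
        if len(names) != len(set(names)):
            findings.append("duplicate entry names in ZIP")
        manifest = json.loads(zf.read("manifest.json"))
        # Assumed schema: {"artifacts": [{"path": ..., "sha256": ...}, ...]}
        listed = {e["path"]: e["sha256"].lower() for e in manifest["artifacts"]}
        for path, expected in listed.items():
            if not path.startswith("artifacts/") or ".." in path.split("/"):
                findings.append(f"unsafe path in manifest: {path}")
            elif path not in names:
                findings.append(f"listed but absent: {path}")
            elif hashlib.sha256(zf.read(path)).hexdigest() != expected:
                findings.append(f"hash mismatch: {path}")
        # Files the manifest does not mention were never vouched for.
        for name in names:
            if name != "manifest.json" and name not in listed:
                findings.append(f"not in manifest: {name}")
    return findings

def build_sample_pack(tamper=False):
    """Build a constructed pack in memory; tamper=True edits it after hashing."""
    files = {"artifacts/soc2-summary.pdf": b"constructed SOC 2 summary",
             "artifacts/pentest-summary.pdf": b"constructed pentest summary"}
    manifest = {"artifacts": [{"path": p, "sha256": hashlib.sha256(d).hexdigest()}
                              for p, d in files.items()]}
    if tamper:
        files["artifacts/soc2-summary.pdf"] += b" (edited)"
        files["artifacts/extra.txt"] = b"unlisted file"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", json.dumps(manifest))
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()

if __name__ == "__main__":
    print(verify_pack(build_sample_pack()))
    print(verify_pack(build_sample_pack(tamper=True)))
```

A clean result shows only that the files match the manifest stored in the same ZIP; anyone able to change a file can also rewrite the manifest, so it says nothing about who created the pack.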
Create your pack
Add your evidence files below and we'll generate a pack with a manifest. Everything runs in your browser. Your files never leave your device.
What's a profile?
Profiles declare which artifacts a pack should contain. Recipients can validate that your pack meets their requirements.
This pack is unsigned
Hashes verify file integrity, but the pack doesn't prove who created it.
Automate publishing
Instead of building packs manually, run collectors on a schedule. Fresh evidence, published automatically whenever your posture changes.
Initiated by Locktivity
We built Evidence Packs in the open because portable, verifiable assurance is a problem bigger than any one vendor.