JFrog has introduced a new Evidence Collection functionality designed to enhance traceability and compliance in the software development lifecycle (SDLC). As regulations around secure software development evolve, the need for a robust system to document and verify software release processes has become crucial. Evidence Collection allows development teams to attach signed attestation metadata to artifacts, builds, and Release Bundles, creating a comprehensive audit trail that simplifies governance and compliance. This system consolidates information from various tools into a single source of truth, streamlining the auditing process and reducing friction between DevSecOps, GRC, and development teams. By integrating with JFrog's CI process, the feature enables the automatic capture and attachment of evidence, which can be viewed through an evidence graph and exported for auditing purposes. While Evidence Collection can function independently, pairing it with Release Lifecycle Management offers additional quality control benefits, ensuring that all software meets required standards before production. JFrog Cloud Enterprise + subscription holders can access this feature, with availability for Self Hosted customers expected soon.