> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update audit evidence

> Update audit evidence.

Rate limit: 10 requests / minute.



## OpenAPI

````yaml https://spec.speakeasy.com/vanta/vanta/conduct-an-audit-with-code-samples patch /audits/{auditId}/evidence/{auditEvidenceId}
openapi: 3.0.0
info:
  title: Conduct an audit
  version: 1.0.0
  description: >-
    The Auditor API lets audit firms conduct audits from a tool outside of
    Vanta. Unlock data syncing with Vanta through this API.


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /audits/{auditId}/evidence/{auditEvidenceId}:
    patch:
      tags:
        - Audits
      summary: Update audit evidence
      description: |-
        Update audit evidence.

        Rate limit: 10 requests / minute.
      operationId: UpdateAuditEvidence
      parameters:
        - in: path
          name: auditId
          required: true
          schema:
            type: string
        - in: path
          name: auditEvidenceId
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuditEvidenceUpdateInput'
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Evidence'
              examples:
                Example 1:
                  value:
                    id: 65fc81a3359c8508c9af880f
                    externalId: cG9saWN5OmFjY2Vzcy1jb250cm9sLXBvbGljeQo=
                    status: Ready for audit
                    statusUpdatedDate: '2024-03-07T21:25:56.000Z'
                    name: Access Control Policy
                    deletionDate: '2024-03-07T21:25:56.000Z'
                    creationDate: '2024-03-07T21:25:56.000Z'
                    testStatus: The test was passing during this period
                    evidenceType: Policy
                    evidenceId: access-control-policy
                    relatedControls:
                      - name: CRY-104
                        sectionNames:
                          - Article 13
                    description: example description of test
      security:
        - bearerAuth: []
      x-codeSamples:
        - lang: typescript
          label: UpdateAuditEvidence
          source: |-
            import { Vanta } from "vanta-auditor-api-sdk";

            const vanta = new Vanta({
              bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "",
            });

            async function run() {
              const result = await vanta.audits.updateEvidence({
                auditId: "<id>",
                auditEvidenceId: "<id>",
                auditEvidenceUpdateInput: {},
              });

              console.log(result);
            }

            run();
        - lang: java
          label: UpdateAuditEvidence
          source: >-
            package hello.world;


            import com.vanta.vanta_auditor_api.Vanta;

            import
            com.vanta.vanta_auditor_api.models.components.AuditEvidenceUpdateInput;

            import
            com.vanta.vanta_auditor_api.models.operations.UpdateAuditEvidenceResponse;

            import java.lang.Exception;


            public class Application {

                public static void main(String[] args) throws Exception {

                    Vanta sdk = Vanta.builder()
                            .bearerAuth(System.getenv().getOrDefault("BEARER_AUTH", ""))
                        .build();

                    UpdateAuditEvidenceResponse res = sdk.audits().updateEvidence()
                            .auditId("<id>")
                            .auditEvidenceId("<id>")
                            .auditEvidenceUpdateInput(AuditEvidenceUpdateInput.builder()
                                .build())
                            .call();

                    if (res.evidence().isPresent()) {
                        System.out.println(res.evidence().get());
                    }
                }
            }
components:
  schemas:
    AuditEvidenceUpdateInput:
      properties:
        statusUpdate:
          properties:
            auditorEmail:
              type: string
              description: Email of the auditor who changed the state
            stateTransition:
              $ref: '#/components/schemas/AuditorEnabledStateTransition'
              description: State change for audit evidence
          required:
            - auditorEmail
            - stateTransition
          type: object
      type: object
      additionalProperties: false
    Evidence:
      properties:
        id:
          type: string
          description: Vanta internal reference to evidence
        externalId:
          type: string
          description: This is a static UUID to map Audit Firm controls to Vanta controls
        status:
          $ref: '#/components/schemas/AuditEvidenceState'
          description: Vanta internal statuses for audit evidence
        name:
          type: string
          description: Mutable name for evidence. Not guaranteed to be unique.
        deletionDate:
          type: string
          format: date-time
          nullable: true
          description: The date this Audit Evidence was deleted
        creationDate:
          type: string
          format: date-time
          description: The date this Audit Evidence was created
        statusUpdatedDate:
          type: string
          format: date-time
          description: Point in time that status was last updated
        testStatus:
          type: string
          nullable: true
          description: The outcome of the automated test run, for Test-type evidence
        evidenceType:
          $ref: '#/components/schemas/AuditEvidenceType'
          description: The type of Audit Evidence
        evidenceId:
          type: string
          description: Unique identifier for evidence
        relatedControls:
          items:
            $ref: '#/components/schemas/EvidenceControl'
          type: array
          description: The controls associated to this evidence
        description:
          type: string
          nullable: true
          description: >-
            The description for the evidence. It will be set to null if the
            evidence is deleted
      required:
        - id
        - externalId
        - status
        - name
        - deletionDate
        - creationDate
        - statusUpdatedDate
        - testStatus
        - evidenceType
        - evidenceId
        - relatedControls
        - description
      type: object
      additionalProperties: false
    AuditorEnabledStateTransition:
      type: string
      enum:
        - ACCEPT
        - MARK_APPLICABLE
        - FLAG
        - MARK_NA
        - READY_FOR_AUDIT
    AuditEvidenceState:
      type: string
      enum:
        - Accepted
        - Flagged
        - Initialized
        - NA
        - Not ready for audit
        - Ready for audit
    AuditEvidenceType:
      type: string
      enum:
        - Evidence Request
        - Policy
        - Test
    EvidenceControl:
      properties:
        name:
          type: string
          description: Name of control associated to this evidence
        sectionNames:
          items:
            type: string
          type: array
          description: A list sections associated to the control
      required:
        - name
        - sectionNames
      type: object
      additionalProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````