Let's go fetch some evidence! And don't forget, screenshots are so 2012.
Set the .env file
cp .env.example .envRun the main script to access all functionality:
python main.py0) Prerequisites - Set up environment variables and check dependencies
1) Select Fetchers - Choose which evidence fetcher scripts to use and generate evidence_sets.json
2) Create Evidence Sets in Paramify - Upload evidence sets to Paramify via API
3) Run Fetchers - Execute evidence fetcher scripts and store evidence files
4) Upload Evidence to Paramify - Find latest evidence directory and upload to Paramify
- Evidence Sets: Selectively choose which fetchers to run based on your needs
- Paramify Integration: Automatic upload of evidence sets and evidence files
- Timestamped Storage: All evidence stored in organized, timestamped directories
- Multi-Instance Support: Run the same fetcher against multiple AWS regions or GitLab projects
More evidence fetchers and integrations are coming soon. To request a new fetcher or upvote which services should be supported next, head to the Paramify Community Feature Requests. Add a new request or comment and upvote existing ones to help prioritize what we build next.
evidence-fetchers/
├── main.py # Main menu system
├── fetchers/ # Evidence fetcher scripts
│ ├── aws/ # AWS scripts (29 available)
│ ├── sentinelone/ # SentinelOne scripts (5 available)
│ ├── k8s/ # Kubernetes scripts (3 available)
│ ├── knowbe4/ # KnowBe4 scripts (4 available)
│ ├── okta/ # Okta scripts (7 available)
│ ├── gitlab/ # GitLab scripts (3 available)
│ ├── rippling/ # Rippling scripts (2 available)
│ ├── checkov/ # Checkov scripts (2 available)
│ └── ssllabs/ # Qualys SSL Labs API scripts (1 available)
├── 0-prerequisites/ # Setup and dependencies
├── 1-select-fetchers/ # Fetcher selection
├── 2-create-evidence-sets/ # Create evidence sets in Paramify
├── 3-run-fetchers/ # Execute fetchers
├── 4-upload-to-paramify/ # Upload evidence to Paramify
├── 5-tests/ # Testing and validation
├── 6-add-new-fetcher/ # Add new fetchers
└── extra-supporting-scripts/ # Additional tools
Create a .env file with:
# Required: Paramify API Configuration
PARAMIFY_UPLOAD_API_TOKEN=your_api_token_here
PARAMIFY_API_BASE_URL=https://app.paramify.com/api/v0
# Optional: Service-specific configuration
AWS_PROFILE=your_aws_profile
AWS_REGION=us-east-1
KNOWBE4_API_KEY=your_knowbe4_api_key
OKTA_API_TOKEN=your_okta_api_token
OKTA_ORG_URL=https://your-org.okta.com
- Python 3.x
- dotenv (load env variables in python)
- AWS CLI (for AWS scripts)
- jq (JSON processor)
- curl (HTTP client)
- kubectl (for Kubernetes scripts)
- Component docs: See
README.mdin each numbered directory - DeepWiki docs
FedRAMP 20x KSIs <-> Fetchers Catalog
Each integration folder contains an API_KEY_SETUP.md with credential setup and rotation instructions. If you’re adding a new integration, start from the template.
| Integration | Setup Guide | Env Vars (high level) |
|---|---|---|
| AWS | fetchers/aws/API_KEY_SETUP.md | AWS_PROFILE, AWS_DEFAULT_REGION |
| SentinelOne | fetchers/sentinelone/API_KEY_SETUP.md | SENTINELONE_API_URL, SENTINELONE_API_TOKEN |
| Kubernetes | fetchers/k8s/API_KEY_SETUP.md | AWS_PROFILE, AWS_DEFAULT_REGION, local kubectl |
| KnowBe4 | fetchers/knowbe4/API_KEY_SETUP.md | KNOWBE4_API_KEY, KNOWBE4_REGION |
| Okta | fetchers/okta/API_KEY_SETUP.md | OKTA_ORG_URL, OKTA_API_TOKEN |
| GitLab | fetchers/gitlab/API_KEY_SETUP.md | GITLAB_URL, GITLAB_API_TOKEN |
| Rippling | fetchers/rippling/API_KEY_SETUP.md | RIPPLING_API_TOKEN, RIPPLING_BASE_URL, RIPPLING_PARAMIFY_EVIDENCE_ID |
| Checkov | fetchers/checkov/API_KEY_SETUP.md | GITLAB_URL, GITLAB_API_TOKEN (+ CHECKOV_*) |
| SSL Labs | fetchers/ssllabs/API_KEY_SETUP.md | SSLLABS_EMAIL, SSLLABS_HOSTS |
| Wiz | fetchers/wiz/API_KEY_SETUP.md | WIZ_CLIENT_ID, WIZ_CLIENT_SECRET, WIZ_AUTH_URL, WIZ_API_ENDPOINT, WIZ_ISSUES_PARAMIFY_ASSESSMENT_ID, WIZ_VULN_PARAMIFY_ASSESSMENT_ID |

