New File Format support

This article covers the new file formats supported in Evidence Library, Controls, and Risk Management.



Uploading evidence to Drata is a key part of maintaining your compliance posture. We want to ensure certain file types uploaded to your account do not contain malicious content that could affect Drata or your account.


Before Diving In…

  • The following file formats will be scanned for malicious content: .zip, .txt, .json, .markdown, .md, .csv

  • These file formats are currently supported in Evidence Library, Miscellaneous evidence for a control, and supporting documents for a risk in Risk Management.

  • These file types won’t be saved in Drata until after we’ve scanned them. If the file is required in a step in Drata, you will have to wait until after the scan is complete to continue.

  • The Drata Open API does not support these new file formats.

  • Zip file details:

    • Zip files can be up to 100MB in Evidence Library. For all other types, the limit is 25MB for an upload.

    • We will only allow a zip within a zip file. If there are more zip files contained, we will automatically reject the file.

    • Zip files must contain only files in supported file formats. For example, if you upload a zip file that contains an MP4 file, we will reject the entire zip.

    • If a zip file is scanned and rejected due to potentially malicious content, the event tracking details will include which file in the zip we identified as potentially malicious.

Uploading a file that needs to be scanned

  • Select the file you want to upload. Drata will then scan the file.

  • Once Drata has completed scanning the file, if it is safe, we will save the file.

  • During the scan, if we find potentially malicious content, we will reject the file. For all rejected files, we will create an event in event tracking to note we potentially detected malicious content. If the rejected file was a zip file, the event tracking details will mention which contained file was potentially malicious.

  • An email will also be sent to the user who tried to upload the file notifying them it was rejected along with a link to the event tracking details.

If the file is a required step

  • If the file is a required step in Drata, you will have to wait until after the scan is complete to continue. For example, if you are uploading miscellaneous evidence to a control, the file is required. If you click Save File before we have finished scanning, there will be an error.

  • You can always close out the modal by clicking on Cancel at any time.

  • Once the file is saved, you can click on Save File and continue.
