docs consolidation work

docs/modules/evidence/README.md

@@ -0,0 +1,49 @@
+# Evidence
+
+**Status:** Design/Planning
+**Source:** N/A (cross-cutting concept)
+**Owner:** Platform Team
+
+## Purpose
+
+Evidence defines the unified evidence model for vulnerability findings across StellaOps. Provides canonical data structures for evidence capture, aggregation, and scoring used by Signals, Policy Engine, and EvidenceLocker modules.
+
+## Components
+
+**Concept Documentation:**
+- `unified-model.md` - Unified evidence data model specification
+
+**Evidence Types:**
+- Reachability evidence (call graph, data flow)
+- Runtime evidence (eBPF traces, dynamic observations)
+- Binary evidence (backport detection, fix validation)
+- Exploit evidence (EPSS scores, KEV flags, exploit-db entries)
+- VEX evidence (source trust, statement provenance)
+- Mitigation evidence (active mitigations, compensating controls)
+
+## Implementation Locations
+
+Evidence structures are implemented across multiple modules:
+- **Signals** - Evidence aggregation and normalization
+- **Policy Engine** - Reachability analysis and evidence generation
+- **EvidenceLocker** - Evidence storage and sealing
+- **Scanner** - Binary and vulnerability evidence capture
+- **Concelier** - Backport and exploit evidence enrichment
+
+## Dependencies
+
+- All evidence-producing modules (Scanner, Policy, Concelier, etc.)
+- Signals (evidence aggregation)
+- EvidenceLocker (evidence storage)
+
+## Related Documentation
+
+- Unified Model: `./unified-model.md`
+- Signals: `../signals/`
+- Policy: `../policy/`
+- EvidenceLocker: `../evidence-locker/`
+- Data Schemas: `../../11_DATA_SCHEMAS.md`
+
+## Current Status
+
+Evidence model documented in `unified-model.md`. Implementation distributed across Signals (aggregation), Policy (reachability), EvidenceLocker (storage), and Scanner (capture) modules.