Ecosyste.ms: Summary

An open API service providing a high level summary for open source projects.

https://github.com/sigstore/sigstore-python

codesigning python security supply-chain

Score: 20.50564747363024

Last synced: 4 days ago
JSON representation

Repository metadata:

A Sigstore client written in Python

Host: GitHub
URL: https://github.com/sigstore/sigstore-python
Owner: sigstore
License: other
Created: 2022-01-13T17:29:37.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2025-01-02T20:22:56.000Z (11 days ago)
Last Synced: 2025-01-03T00:43:56.849Z (11 days ago)
Topics: codesigning, python, security, supply-chain
Language: Python
Homepage: https://pypi.org/p/sigstore
Size: 1.98 MB
Stars: 237
Watchers: 9
Forks: 50
Open Issues: 35
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: CODEOWNERS

Owner metadata:

Name: sigstore
Login: sigstore
Email: [email protected]
Kind: organization
Description: Software Supply Chain Security
Website: https://sigstore.dev
Location: United States of America
Twitter: projectsigstore
Company:
Icon url: https://avatars.githubusercontent.com/u/71096353?v=4
Repositories: 50
Last Synced at: 2023-03-03T19:42:33.042Z
Profile URL: https://github.com/sigstore

GitHub Events

Total

Commit comment event: 1
Create event: 78
Delete event: 68
Fork event: 1
Issue comment event: 141
Issues event: 25
Member event: 2
Pull request event: 158
Pull request review comment event: 50
Pull request review event: 134
Push event: 106
Release event: 6
Watch event: 17
Total: 787

Last Year

Commit comment event: 1
Create event: 81
Delete event: 68
Fork event: 1
Issue comment event: 141
Issues event: 25
Member event: 2
Pull request event: 160
Pull request review comment event: 50
Pull request review event: 134
Push event: 106
Release event: 6
Watch event: 17
Total: 792

Committers metadata

Last synced: 2 months ago

Total Commits: 853
Total Committers: 36
Avg Commits per committer: 23.694
Development Distribution Score (DDS): 0.528

Commits in past year: 301
Committers in past year: 13
Avg Commits per committer in past year: 23.154
Development Distribution Score (DDS) in past year: 0.355

Name	Email	Commits
dependabot[bot]	4****]	403
William Woodruff	w**m@t**m	231
Alex Cameron	a**c@t**h	64
Dustin Ingram	d****i	46
Andrew Pan	3****n	20
Jussi Kukkonen	j**n@g**m	16
Facundo Tuesca	f**a@t**m	12
github-actions[bot]	4****]	10
Jack Leightcap	j**p@t**m	7
Javan Lacerda	j**a@g**m	4
Bob Callaway	b****y	4
Maya Costantini	6****i	4
asraa	a**a@g**m	2
Facundo Tuesca	f**u@t**m	2
Diogo Teles Sant'Anna	d**8@g**m	2
Azeem Shaikh	a**8@g**m	2
Christian S. Perone	p****e	2
Jack Leightcap	3****p	2
Luke Hinds	7****s	2
laurentsimon	6****n	2
Cyril Cordoui	c**i@r**m	1
David A. Wheeler	d**r@d**m	1
Hayden B	h**n@g**m	1
Hayden B	h**n@g**m	1
Jack Leightcap	j**k@l**m	1
Samuel Giddins	s**s@s**e	1
Hugo van Kemenade	1****k	1
Emile	4****m	1
Cameron	5****s	1
Jussi Kukkonen	j**u@g**i	1
and 6 more...

Issue and Pull Request metadata

Last synced: 17 days ago

Total issues: 292
Total pull requests: 978
Average time to close issues: about 2 months
Average time to close pull requests: 3 days
Total issue authors: 42
Total pull request authors: 35
Average comments per issue: 3.32
Average comments per pull request: 1.67
Merged pull request: 875
Bot issues: 63
Bot pull requests: 515

Past year issues: 65
Past year pull requests: 348
Past year average time to close issues: 12 days
Past year average time to close pull requests: 1 day
Past year issue authors: 19
Past year pull request authors: 13
Past year average comments per issue: 2.68
Past year average comments per pull request: 1.43
Past year merged pull request: 321
Past year bot issues: 7
Past year bot pull requests: 227

More stats: https://issues.ecosyste.ms/repositories/lookup?url=https://github.com/sigstore/sigstore-python

Top Issue Authors

woodruffw (80)
github-actions[bot] (62)
jku (32)
tetsuo-cpp (30)
di (26)
laurentsimon (8)
mayaCostantini (7)
sethmlarson (5)
tnytown (3)
lukpueh (2)
mgorny (2)
haydentherapper (2)
djhenderson (2)
diogoteles08 (2)
asraa (2)

Top Pull Request Authors

dependabot[bot] (495)
woodruffw (244)
tetsuo-cpp (54)
di (42)
jku (21)
tnytown (20)
github-actions[bot] (20)
facutuesca (16)
jleightcap (14)
DarkaMaul (8)
javanlacerda (5)
mayaCostantini (5)
bobcallaway (4)
haydentherapper (3)
azeemshaikh38 (2)

Top Issue Labels

enhancement (153)
bug (111)
component:cicd (74)
component:tests (69)
component:cli (31)
component:verification (23)
component:signing (15)
component:api (13)
refactoring (11)
chore (9)
component:tuf (9)
good first issue (8)
qa (7)
documentation (6)
dependencies (5)
upstream (4)
blocked (3)
duplicate (2)
question (2)
help wanted (2)
allstar (1)

Top Pull Request Labels

dependencies (510)
python (245)
github_actions (214)
chore (81)
component:cicd (54)
component:api (39)
component:verification (38)
component:cli (37)
refactoring (32)
component:signing (31)
component:tests (22)
documentation (20)
enhancement (15)
qa (14)
component:tuf (13)
blocked (6)
bug (3)
plat:windows (1)
plat:macos (1)
invalid (1)
upstream (1)

Package metadata

Total packages: 3
Total downloads:
- pypi: 82,082 last-month
- homebrew: 55 last-month
Total dependent packages: 3 (may contain duplicates)
Total dependent repositories: 9 (may contain duplicates)
Total versions: 117
Total maintainers: 3
Total advisories: 1

pypi.org: sigstore

A tool for signing Python package distributions

Homepage: https://pypi.org/project/sigstore/
Documentation: https://sigstore.github.io/sigstore-python/
Licenses: Apache Software License
Latest release: 3.6.1 (published 25 days ago)
Last Synced: 2025-01-04T03:02:48.087Z (10 days ago)
Versions: 53
Dependent Packages: 3
Dependent Repositories: 9
Downloads: 82,082 Last month
Rankings:
- Dependent packages count: 3.273%
- Downloads: 4.448%
- Average: 4.833%
- Dependent repos count: 4.956%
- Stargazers count: 5.208%
- Forks count: 6.278%
Maintainers (3)
- trailofbits
- di
- woodruffw
Advisories:
- sigstore has insufficient validation of integration timestamp during verification

proxy.golang.org: github.com/sigstore/sigstore-python

Homepage:
Documentation: https://pkg.go.dev/github.com/sigstore/sigstore-python#section-documentation
Licenses: other
Latest release: v3.6.1+incompatible (published 25 days ago)
Last Synced: 2025-01-04T03:02:47.555Z (10 days ago)
Versions: 50
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent packages count: 6.521%
- Average: 6.74%
- Dependent repos count: 6.959%

formulae.brew.sh: sigstore

Codesigning tool for Python packages

Homepage: https://github.com/sigstore/sigstore-python
Licenses: Apache-2.0
Latest release: 3.6.1 (published 24 days ago)
Last Synced: 2025-01-04T03:02:47.870Z (10 days ago)
Versions: 14
Dependent Packages: 0
Dependent Repositories: 0
Downloads: 55 Last month
Rankings:
- Dependent packages count: 19.58%
- Average: 47.071%
- Dependent repos count: 56.82%
- Downloads: 64.813%

Dependencies

.github/actions/upload-coverage/action.yml actions

actions/upload-artifact v3.1.0 composite

.github/workflows/ci.yml actions

./.github/actions/upload-coverage * composite
actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/checkout 755da8c3cf115ac066823e79a1e1788f8940201b composite
actions/download-artifact v3.0.2 composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
actions/setup-python 5ccb29d8773c3f3f653e1705f474dfaa8a06a912 composite
re-actors/alls-green 05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe composite

.github/workflows/conformance.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
sigstore/sigstore-conformance 0748d63c53810e36cc3f4bbe4114301080f0d844 composite

.github/workflows/docs.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/deploy-pages 0243b6c10d06cb8e95ed8ee471231877621202c0 composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
actions/upload-pages-artifact 253fd476ed429e83b7aae64a92a75b4ceb1a17cf composite

.github/workflows/lint.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
re-actors/alls-green 05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe composite

.github/workflows/release.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/download-artifact 9bc31d5ccc31df68ecc42ccf4149144866c47d8a composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
actions/upload-artifact 0b7f8abb1508181956e8e162db84b466c27e18ce composite
pypa/gh-action-pypi-publish c7f29f7adef1a245bd91520e94867e5c6eedddcc composite
softprops/action-gh-release de2c0eb89ae2a093876385947365aca7b0e5f844 composite

.github/workflows/scorecards-analysis.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/upload-artifact 6673cd052c4cd6fcf4b4e6e60ea986c889389535 composite
github/codeql-action/upload-sarif 17573ee1cc1b9d061760f3a006fc4aac4f944fd5 composite
ossf/scorecard-action e38b1902ae4f44df626f11ba0734b14fb91f8f86 composite

.github/workflows/staging-tests.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
peter-evans/create-issue-from-file 433e51abf769039ee20ba1293a088ca19d573b7f composite

install/requirements.in pypi

sigstore *

install/requirements.txt pypi

appdirs ==1.4.4
betterproto ==2.0.0b5
certifi ==2022.12.7
cffi ==1.15.1
charset-normalizer ==3.0.1
cryptography ==39.0.1
grpclib ==0.4.3
h2 ==4.1.0
hpack ==4.0.0
hyperframe ==6.0.1
idna ==3.4
multidict ==6.0.4
pycparser ==2.21
pydantic ==1.10.5
pyjwt ==2.6.0
pyopenssl ==23.0.0
python-dateutil ==2.8.2
requests ==2.28.2
securesystemslib ==0.26.0
sigstore ==1.1.0
sigstore-protobuf-specs ==0.1.0
six ==1.16.0
tuf ==2.1.0
typing-extensions ==4.5.0
urllib3 ==1.26.14

pyproject.toml pypi

appdirs ~= 1.4
cryptography >= 39
importlib_resources ~= 5.7; python_version < '3.11'
pyOpenSSL >= 23.0.0
pydantic *
pyjwt >= 2.1
requests *
securesystemslib *
sigstore-protobuf-specs ~= 0.1.0
tuf ~= 2.1

.github/workflows/pin-requirements.yml actions

actions/checkout c85c95e3d7251135ab7dc9ce3241c5835cc595a9 composite
actions/setup-python bd6b4b6205c4dbad673328db7b31b7fab9e241c0 composite
peter-evans/create-pull-request 153407881ec5c347639a548ade7d8ad1d6740e38 composite

.github/workflows/requirements.yml actions

actions/checkout c85c95e3d7251135ab7dc9ce3241c5835cc595a9 composite
actions/setup-python bd6b4b6205c4dbad673328db7b31b7fab9e241c0 composite

.github/workflows/depsreview.yml actions