https://github.com/sigstore/sigstore-python

codesigning python security supply-chain

Score: 21.270452649319584

Last synced: about 16 hours ago
JSON representation

Repository metadata:

A Sigstore client written in Python

Host: GitHub
URL: https://github.com/sigstore/sigstore-python
Owner: sigstore
License: other
Created: 2022-01-13T17:29:37.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2026-01-13T14:05:35.000Z (24 days ago)
Last Synced: 2026-01-14T09:29:05.908Z (23 days ago)
Topics: codesigning, python, security, supply-chain
Language: Python
Homepage: https://pypi.org/p/sigstore
Size: 2.68 MB
Stars: 309
Watchers: 8
Forks: 69
Open Issues: 49
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: CODEOWNERS
- Copyright: COPYRIGHT.txt

Owner metadata:

Name: sigstore
Login: sigstore
Email: info@sigstore.dev
Kind: organization
Description: Software Supply Chain Security
Website: https://sigstore.dev
Location: United States of America
Twitter: projectsigstore
Company:
Icon url: https://avatars.githubusercontent.com/u/71096353?v=4
Repositories: 50
Last Synced at: 2023-03-03T19:42:33.042Z
Profile URL: https://github.com/sigstore

Committers metadata

Last synced: 23 days ago

Total Commits: 1,157
Total Committers: 36
Avg Commits per committer: 32.139
Development Distribution Score (DDS): 0.48

Commits in past year: 243
Committers in past year: 11
Avg Commits per committer in past year: 22.091
Development Distribution Score (DDS) in past year: 0.337

Name	Email	Commits
dependabot[bot]	4****]	602
William Woodruff	w**m@t**m	249
Alex Cameron	a**c@t**h	64
Jussi Kukkonen	j**n@g**m	62
Dustin Ingram	d****i	48
Andrew Pan	3****n	20
github-actions[bot]	4****]	19
Facundo Tuesca	f**a@t**m	15
Ramon Petgrave	3****4	11
Jack Leightcap	j**p@t**m	10
dm	a**e@t**m	7
Dimitri Papadopoulos Orfanos	3****s	5
Aleks	1****I	4
Bob Callaway	b****y	4
Javan Lacerda	j**a@g**m	4
Maya Costantini	6****i	4
Hugo van Kemenade	1****k	3
Azeem Shaikh	a**8@g**m	2
Christian S. Perone	p****e	2
Diogo Teles Sant'Anna	d**8@g**m	2
Luke Hinds	7****s	2
asraa	a**a@g**m	2
laurentsimon	6****n	2
Hayden B	h**n@g**m	2
Cyril Cordoui	c**i@r**m	1
Cameron	5****s	1
Copilot	1****t	1
David A. Wheeler	d**r@d**m	1
Emile	4****m	1
Kurt McKee	c**e@k**g	1
and 6 more...

Package metadata

Total packages: 3
Total downloads:
- homebrew: 22 last-month
- pypi: 134,071 last-month
Total dependent packages: 3 (may contain duplicates)
Total dependent repositories: 9 (may contain duplicates)
Total versions: 141
Total maintainers: 3
Total advisories: 1

pypi.org: sigstore

A tool for signing Python package distributions

Homepage: https://pypi.org/project/sigstore/
Documentation: https://sigstore.github.io/sigstore-python/
Licenses: Apache Software License
Latest release: 4.1.0 (published 4 months ago)
Last Synced: 2025-12-11T01:11:23.153Z (about 2 months ago)
Versions: 61
Dependent Packages: 3
Dependent Repositories: 9
Downloads: 134,071 Last month
Rankings:
- Dependent packages count: 3.273%
- Downloads: 4.448%
- Average: 4.833%
- Dependent repos count: 4.956%
- Stargazers count: 5.208%
- Forks count: 6.278%
Maintainers (3)
- trailofbits
- di
- woodruffw
Advisories:
- sigstore has insufficient validation of integration timestamp during verification

proxy.golang.org: github.com/sigstore/sigstore-python

Homepage:
Documentation: https://pkg.go.dev/github.com/sigstore/sigstore-python#section-documentation
Licenses: other
Latest release: v4.1.0+incompatible (published 4 months ago)
Last Synced: 2025-12-20T04:46:47.275Z (about 2 months ago)
Versions: 60
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent packages count: 6.521%
- Average: 6.74%
- Dependent repos count: 6.959%

formulae.brew.sh: sigstore

Codesigning tool for Python packages

Homepage: https://github.com/sigstore/sigstore-python
Licenses: Apache-2.0
Latest release: 4.1.0 (published 3 months ago)
Last Synced: 2026-01-09T03:02:10.543Z (28 days ago)
Versions: 20
Dependent Packages: 0
Dependent Repositories: 0
Downloads: 22 Last month
Rankings:
- Dependent packages count: 19.58%
- Average: 47.071%
- Dependent repos count: 56.82%
- Downloads: 64.813%

Dependencies

.github/actions/upload-coverage/action.yml actions

actions/upload-artifact v3.1.0 composite

.github/workflows/ci.yml actions

./.github/actions/upload-coverage * composite
actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/checkout 755da8c3cf115ac066823e79a1e1788f8940201b composite
actions/download-artifact v3.0.2 composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
actions/setup-python 5ccb29d8773c3f3f653e1705f474dfaa8a06a912 composite
re-actors/alls-green 05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe composite

.github/workflows/conformance.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
sigstore/sigstore-conformance 0748d63c53810e36cc3f4bbe4114301080f0d844 composite

.github/workflows/docs.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/deploy-pages 0243b6c10d06cb8e95ed8ee471231877621202c0 composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
actions/upload-pages-artifact 253fd476ed429e83b7aae64a92a75b4ceb1a17cf composite

.github/workflows/lint.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
re-actors/alls-green 05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe composite

.github/workflows/release.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/download-artifact 9bc31d5ccc31df68ecc42ccf4149144866c47d8a composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
actions/upload-artifact 0b7f8abb1508181956e8e162db84b466c27e18ce composite
pypa/gh-action-pypi-publish c7f29f7adef1a245bd91520e94867e5c6eedddcc composite
softprops/action-gh-release de2c0eb89ae2a093876385947365aca7b0e5f844 composite

.github/workflows/scorecards-analysis.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/upload-artifact 6673cd052c4cd6fcf4b4e6e60ea986c889389535 composite
github/codeql-action/upload-sarif 17573ee1cc1b9d061760f3a006fc4aac4f944fd5 composite
ossf/scorecard-action e38b1902ae4f44df626f11ba0734b14fb91f8f86 composite

.github/workflows/staging-tests.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/setup-python d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 composite
peter-evans/create-issue-from-file 433e51abf769039ee20ba1293a088ca19d573b7f composite

install/requirements.in pypi

sigstore *

install/requirements.txt pypi

appdirs ==1.4.4
betterproto ==2.0.0b5
certifi ==2022.12.7
cffi ==1.15.1
charset-normalizer ==3.0.1
cryptography ==39.0.1
grpclib ==0.4.3
h2 ==4.1.0
hpack ==4.0.0
hyperframe ==6.0.1
idna ==3.4
multidict ==6.0.4
pycparser ==2.21
pydantic ==1.10.5
pyjwt ==2.6.0
pyopenssl ==23.0.0
python-dateutil ==2.8.2
requests ==2.28.2
securesystemslib ==0.26.0
sigstore ==1.1.0
sigstore-protobuf-specs ==0.1.0
six ==1.16.0
tuf ==2.1.0
typing-extensions ==4.5.0
urllib3 ==1.26.14

pyproject.toml pypi

appdirs ~= 1.4
cryptography >= 39
importlib_resources ~= 5.7; python_version < '3.11'
pyOpenSSL >= 23.0.0
pydantic *
pyjwt >= 2.1
requests *
securesystemslib *
sigstore-protobuf-specs ~= 0.1.0
tuf ~= 2.1

.github/workflows/pin-requirements.yml actions

actions/checkout c85c95e3d7251135ab7dc9ce3241c5835cc595a9 composite
actions/setup-python bd6b4b6205c4dbad673328db7b31b7fab9e241c0 composite
peter-evans/create-pull-request 153407881ec5c347639a548ade7d8ad1d6740e38 composite

.github/workflows/requirements.yml actions

actions/checkout c85c95e3d7251135ab7dc9ce3241c5835cc595a9 composite
actions/setup-python bd6b4b6205c4dbad673328db7b31b7fab9e241c0 composite

.github/workflows/depsreview.yml actions

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Summary