Check out the PyPI blog and Trail of Bits blog for more user-facing and technical details, respectively!
Over the past year, the Google Open Source Security Team and Trail of Bits have worked together to implement PEP 740, a Python packaging standard that allows users to upload Sigstore-based attestations to the Python Package Index.
Today we’re pleased to announce that attestation support on PyPI is generally available, meaning that project maintainers can submit attestations for both PyPI and downstream users to verify.
An important piece of the story for attestations on PyPI is default enablement: if a project uses Trusted Publishing and the canonical GitHub Action then they’ll produce attestations by default, with no changes required.
This works because Trusted Publishing already uses the same OpenID Connect building blocks as Sigstore, meaning that existing workflows can use keyless signing. In other words: generating and uploading attestations requires no key management by the project’s maintainers, and brings Sigstore’s key transparency and auditability properties.
Thanks to this default stance, adoption of attestations by publishers has been rapid: over 20,000 individual attestations have been uploaded to PyPI so far, and just over 5% of the top 360 projects are already publishing attestations:
To keep track of the ecosystem’s overall progress, follow along with Are we PEP 740 yet?, which is automatically updated as more top projects release new, attested versions.