Skip to content

Installation

With pip

sigstore requires Python 3.9 or newer, and can be installed directly via pip:

python -m pip install sigstore

Optionally, to install sigstore and all its dependencies with hash-checking mode enabled, run the following:

python -m pip install -r https://raw.githubusercontent.com/sigstore/sigstore-python/main/install/requirements.txt

This installs the requirements file located here, which is kept up-to-date.

With uv

Warning

sigstore depends on betterproto pre-releases versions, which are by default not resolved by uv.

uv pip install --prerelease=allow sigstore

sigstore can also be used as tool:

uvx --prerelease=allow sigstore --help

GitHub Actions

sigstore-python has an official GitHub Action!

You can install it from the GitHub Marketplace, or add it to your CI manually:

jobs:
  sigstore-python:
    steps:
      - uses: sigstore/gh-action-sigstore-python@v3.0.0
        with:
          inputs: foo.txt

See the action documentation for more details and usage examples.