| Name | sigstore JSON |
| Version |
3.6.1
JSON |
| download |
| home_page | None |
| Summary | A tool for signing Python package distributions |
| upload_time | 2024-12-19 17:09:58 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.9 |
| license | None |
| keywords |
|
| VCS |
 |
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
sigstore-python
===============
<!--- @begin-badges@ --->
[](https://pypi.org/project/sigstore)
[](https://securityscorecards.dev/viewer/?uri=github.com/sigstore/sigstore-python)
[](https://slsa.dev/)
[](https://sigstore.github.io/sigstore-python)
<!--- @end-badges@ --->
`sigstore` is a Python tool for generating and verifying Sigstore signatures.
You can use it to sign and verify Python package distributions, or anything
else!
## Index
* [Features](#features)
* [Installation](#installation)
* [Usage](#usage)
* [Signing](#signing)
* [Verifying](#verifying)
* [Generic identities](#generic-identities)
* [Signatures from GitHub Actions](#signatures-from-github-actions)
* [Advanced usage](#advanced-usage)
* [Documentation](#documentation)
* [Licensing](#licensing)
* [Community](#community)
* [Contributing](#contributing)
* [Code of Conduct](#code-of-conduct)
* [Security](#security)
* [SLSA Provenance](#slsa-provenance)
## Features
* Support for keyless signature generation and verification with [Sigstore](https://www.sigstore.dev/)
* Support for signing with ["ambient" OpenID Connect identities](https://github.com/sigstore/sigstore-python#signing-with-ambient-credentials)
* A comprehensive [CLI](https://github.com/sigstore/sigstore-python#usage) and corresponding
[importable Python API](https://sigstore.github.io/sigstore-python)
## Installation
`sigstore` requires Python 3.9 or newer, and can be installed directly via `pip`:
```console
python -m pip install sigstore
```
See the [installation](https://sigstore.github.io/sigstore-python/installation) page in the documentation for more
installation options.
## Usage
For Python API usage, see our [API](https://sigstore.github.io/sigstore-python/api/).
You can run `sigstore` as a standalone program:
```console
sigstore --help
```
Top-level:
<!-- @begin-sigstore-help@ -->
```
usage: sigstore [-h] [-v] [-V] [--staging | --trust-config FILE] COMMAND ...
a tool for signing and verifying Python package distributions
positional arguments:
COMMAND the operation to perform
attest sign one or more inputs using DSSE
sign sign one or more inputs
verify verify one or more inputs
get-identity-token
retrieve and return a Sigstore-compatible OpenID
Connect token
plumbing developer-only plumbing operations
optional arguments:
-h, --help show this help message and exit
-v, --verbose run with additional debug logging; supply multiple
times to increase verbosity (default: 0)
-V, --version show program's version number and exit
--staging Use sigstore's staging instances, instead of the
default production instances (default: False)
--trust-config FILE The client trust configuration to use (default: None)
```
<!-- @end-sigstore-help@ -->
### Signing
<!-- @begin-sigstore-sign-help@ -->
```
usage: sigstore sign [-h] [-v] [--identity-token TOKEN] [--oidc-client-id ID]
[--oidc-client-secret SECRET]
[--oidc-disable-ambient-providers] [--oidc-issuer URL]
[--oauth-force-oob] [--no-default-files]
[--signature FILE] [--certificate FILE] [--bundle FILE]
[--output-directory DIR] [--overwrite]
FILE [FILE ...]
positional arguments:
FILE The file to sign
optional arguments:
-h, --help show this help message and exit
-v, --verbose run with additional debug logging; supply multiple
times to increase verbosity (default: 0)
OpenID Connect options:
--identity-token TOKEN
the OIDC identity token to use (default: None)
--oidc-client-id ID The custom OpenID Connect client ID to use during
OAuth2 (default: sigstore)
--oidc-client-secret SECRET
The custom OpenID Connect client secret to use during
OAuth2 (default: None)
--oidc-disable-ambient-providers
Disable ambient OpenID Connect credential detection
(e.g. on GitHub Actions) (default: False)
--oidc-issuer URL The OpenID Connect issuer to use (conflicts with
--staging) (default: https://oauth2.sigstore.dev/auth)
--oauth-force-oob Force an out-of-band OAuth flow and do not
automatically start the default web browser (default:
False)
Output options:
--no-default-files Don't emit the default output files
({input}.sigstore.json) (default: False)
--signature FILE, --output-signature FILE
Write a single signature to the given file; does not
work with multiple input files (default: None)
--certificate FILE, --output-certificate FILE
Write a single certificate to the given file; does not
work with multiple input files (default: None)
--bundle FILE Write a single Sigstore bundle to the given file; does
not work with multiple input files (default: None)
--output-directory DIR
Write default outputs to the given directory
(conflicts with --signature, --certificate, --bundle)
(default: None)
--overwrite Overwrite preexisting signature and certificate
outputs, if present (default: False)
```
<!-- @end-sigstore-sign-help@ -->
### Signing with DSSE envelopes
<!-- @begin-sigstore-attest-help@ -->
```
usage: sigstore attest [-h] [-v] --predicate FILE --predicate-type TYPE
[--identity-token TOKEN] [--oidc-client-id ID]
[--oidc-client-secret SECRET]
[--oidc-disable-ambient-providers] [--oidc-issuer URL]
[--oauth-force-oob] [--bundle FILE] [--overwrite]
FILE [FILE ...]
positional arguments:
FILE The file to sign
optional arguments:
-h, --help show this help message and exit
-v, --verbose run with additional debug logging; supply multiple
times to increase verbosity (default: 0)
DSSE options:
--predicate FILE Path to the predicate file (default: None)
--predicate-type TYPE
Specify a predicate type
(https://slsa.dev/provenance/v0.2,
https://slsa.dev/provenance/v1) (default: None)
OpenID Connect options:
--identity-token TOKEN
the OIDC identity token to use (default: None)
--oidc-client-id ID The custom OpenID Connect client ID to use during
OAuth2 (default: sigstore)
--oidc-client-secret SECRET
The custom OpenID Connect client secret to use during
OAuth2 (default: None)
--oidc-disable-ambient-providers
Disable ambient OpenID Connect credential detection
(e.g. on GitHub Actions) (default: False)
--oidc-issuer URL The OpenID Connect issuer to use (conflicts with
--staging) (default: https://oauth2.sigstore.dev/auth)
--oauth-force-oob Force an out-of-band OAuth flow and do not
automatically start the default web browser (default:
False)
Output options:
--bundle FILE Write a single Sigstore bundle to the given file; does
not work with multiple input files (default: None)
--overwrite Overwrite preexisting bundle outputs, if present
(default: False)
```
<!-- @end-sigstore-attest-help@ -->
### Verifying
#### Identities
<!-- @begin-sigstore-verify-identity-help@ -->
```
usage: sigstore verify identity [-h] [-v] [--certificate FILE]
[--signature FILE] [--bundle FILE] [--offline]
--cert-identity IDENTITY --cert-oidc-issuer
URL
FILE_OR_DIGEST [FILE_OR_DIGEST ...]
optional arguments:
-h, --help show this help message and exit
-v, --verbose run with additional debug logging; supply multiple
times to increase verbosity (default: 0)
Verification inputs:
--certificate FILE, --cert FILE
The PEM-encoded certificate to verify against; not
used with multiple inputs (default: None)
--signature FILE The signature to verify against; not used with
multiple inputs (default: None)
--bundle FILE The Sigstore bundle to verify with; not used with
multiple inputs (default: None)
FILE_OR_DIGEST The file path or the digest to verify. The digest
should start with the 'sha256:' prefix.
Verification options:
--offline Perform offline verification; requires a Sigstore
bundle (default: False)
--cert-identity IDENTITY
The identity to check for in the certificate's Subject
Alternative Name (default: None)
--cert-oidc-issuer URL
The OIDC issuer URL to check for in the certificate's
OIDC issuer extension (default: None)
```
<!-- @end-sigstore-verify-identity-help@ -->
#### Signatures from GitHub Actions
<!-- @begin-sigstore-verify-github-help@ -->
```
usage: sigstore verify github [-h] [-v] [--certificate FILE]
[--signature FILE] [--bundle FILE] [--offline]
[--cert-identity IDENTITY] [--trigger EVENT]
[--sha SHA] [--name NAME] [--repository REPO]
[--ref REF]
FILE_OR_DIGEST [FILE_OR_DIGEST ...]
optional arguments:
-h, --help show this help message and exit
-v, --verbose run with additional debug logging; supply multiple
times to increase verbosity (default: 0)
Verification inputs:
--certificate FILE, --cert FILE
The PEM-encoded certificate to verify against; not
used with multiple inputs (default: None)
--signature FILE The signature to verify against; not used with
multiple inputs (default: None)
--bundle FILE The Sigstore bundle to verify with; not used with
multiple inputs (default: None)
FILE_OR_DIGEST The file path or the digest to verify. The digest
should start with the 'sha256:' prefix.
Verification options:
--offline Perform offline verification; requires a Sigstore
bundle (default: False)
--cert-identity IDENTITY
The identity to check for in the certificate's Subject
Alternative Name (default: None)
--trigger EVENT The GitHub Actions event name that triggered the
workflow (default: None)
--sha SHA The `git` commit SHA that the workflow run was invoked
with (default: None)
--name NAME The name of the workflow that was triggered (default:
None)
--repository REPO The repository slug that the workflow was triggered
under (default: None)
--ref REF The `git` ref that the workflow was invoked with
(default: None)
```
<!-- @end-sigstore-verify-github-help@ -->
## Documentation
`sigstore` documentation is available on [https://sigstore.github.io/sigstore-python](https://sigstore.github.io/sigstore-python)
## Licensing
`sigstore` is licensed under the Apache 2.0 License.
## Community
`sigstore-python` is developed as part of the [Sigstore](https://sigstore.dev) project.
We also use a [Slack channel](https://sigstore.slack.com)!
Click [here](https://join.slack.com/t/sigstore/shared_invite/zt-mhs55zh0-XmY3bcfWn4XEyMqUUutbUQ) for the invite link.
## Contributing
See [the contributing docs](https://github.com/sigstore/.github/blob/main/CONTRIBUTING.md) for details.
## Code of Conduct
Everyone interacting with this project is expected to follow the
[sigstore Code of Conduct](https://github.com/sigstore/.github/blob/main/CODE_OF_CONDUCT.md).
## Security
Should you discover any security issues, please refer to sigstore's [security
process](https://github.com/sigstore/.github/blob/main/SECURITY.md).
Raw data
{
"_id": null,
"home_page": null,
"name": "sigstore",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": null,
"author": null,
"author_email": "Sigstore Authors <sigstore-dev@googlegroups.com>",
"download_url": "https://files.pythonhosted.org/packages/db/89/b982115aabe1068fd581d83d2a0b26b78e1e7ce6184e75003d173e15c0b3/sigstore-3.6.1.tar.gz",
"platform": null,
"description": "sigstore-python\n===============\n\n<!--- @begin-badges@ --->\n\n[](https://pypi.org/project/sigstore)\n[](https://securityscorecards.dev/viewer/?uri=github.com/sigstore/sigstore-python)\n[](https://slsa.dev/)\n\n[](https://sigstore.github.io/sigstore-python)\n<!--- @end-badges@ --->\n\n`sigstore` is a Python tool for generating and verifying Sigstore signatures.\nYou can use it to sign and verify Python package distributions, or anything\nelse!\n\n## Index\n\n* [Features](#features)\n* [Installation](#installation)\n* [Usage](#usage)\n * [Signing](#signing)\n * [Verifying](#verifying)\n * [Generic identities](#generic-identities)\n * [Signatures from GitHub Actions](#signatures-from-github-actions)\n * [Advanced usage](#advanced-usage)\n* [Documentation](#documentation)\n* [Licensing](#licensing)\n* [Community](#community)\n* [Contributing](#contributing)\n* [Code of Conduct](#code-of-conduct)\n* [Security](#security)\n* [SLSA Provenance](#slsa-provenance)\n\n## Features\n\n* Support for keyless signature generation and verification with [Sigstore](https://www.sigstore.dev/)\n* Support for signing with [\"ambient\" OpenID Connect identities](https://github.com/sigstore/sigstore-python#signing-with-ambient-credentials)\n* A comprehensive [CLI](https://github.com/sigstore/sigstore-python#usage) and corresponding\n [importable Python API](https://sigstore.github.io/sigstore-python)\n\n## Installation\n\n`sigstore` requires Python 3.9 or newer, and can be installed directly via `pip`:\n\n```console\npython -m pip install sigstore\n```\n\nSee the [installation](https://sigstore.github.io/sigstore-python/installation) page in the documentation for more\ninstallation options.\n\n## Usage\n\nFor Python API usage, see our [API](https://sigstore.github.io/sigstore-python/api/).\n\nYou can run `sigstore` as a standalone program:\n\n```console\nsigstore --help\n```\n\nTop-level:\n\n<!-- @begin-sigstore-help@ -->\n```\nusage: sigstore [-h] [-v] [-V] [--staging | --trust-config FILE] COMMAND ...\n\na tool for signing and verifying Python package distributions\n\npositional arguments:\n COMMAND the operation to perform\n attest sign one or more inputs using DSSE\n sign sign one or more inputs\n verify verify one or more inputs\n get-identity-token\n retrieve and return a Sigstore-compatible OpenID\n Connect token\n plumbing developer-only plumbing operations\n\noptional arguments:\n -h, --help show this help message and exit\n -v, --verbose run with additional debug logging; supply multiple\n times to increase verbosity (default: 0)\n -V, --version show program's version number and exit\n --staging Use sigstore's staging instances, instead of the\n default production instances (default: False)\n --trust-config FILE The client trust configuration to use (default: None)\n```\n<!-- @end-sigstore-help@ -->\n\n\n### Signing\n\n<!-- @begin-sigstore-sign-help@ -->\n```\nusage: sigstore sign [-h] [-v] [--identity-token TOKEN] [--oidc-client-id ID]\n [--oidc-client-secret SECRET]\n [--oidc-disable-ambient-providers] [--oidc-issuer URL]\n [--oauth-force-oob] [--no-default-files]\n [--signature FILE] [--certificate FILE] [--bundle FILE]\n [--output-directory DIR] [--overwrite]\n FILE [FILE ...]\n\npositional arguments:\n FILE The file to sign\n\noptional arguments:\n -h, --help show this help message and exit\n -v, --verbose run with additional debug logging; supply multiple\n times to increase verbosity (default: 0)\n\nOpenID Connect options:\n --identity-token TOKEN\n the OIDC identity token to use (default: None)\n --oidc-client-id ID The custom OpenID Connect client ID to use during\n OAuth2 (default: sigstore)\n --oidc-client-secret SECRET\n The custom OpenID Connect client secret to use during\n OAuth2 (default: None)\n --oidc-disable-ambient-providers\n Disable ambient OpenID Connect credential detection\n (e.g. on GitHub Actions) (default: False)\n --oidc-issuer URL The OpenID Connect issuer to use (conflicts with\n --staging) (default: https://oauth2.sigstore.dev/auth)\n --oauth-force-oob Force an out-of-band OAuth flow and do not\n automatically start the default web browser (default:\n False)\n\nOutput options:\n --no-default-files Don't emit the default output files\n ({input}.sigstore.json) (default: False)\n --signature FILE, --output-signature FILE\n Write a single signature to the given file; does not\n work with multiple input files (default: None)\n --certificate FILE, --output-certificate FILE\n Write a single certificate to the given file; does not\n work with multiple input files (default: None)\n --bundle FILE Write a single Sigstore bundle to the given file; does\n not work with multiple input files (default: None)\n --output-directory DIR\n Write default outputs to the given directory\n (conflicts with --signature, --certificate, --bundle)\n (default: None)\n --overwrite Overwrite preexisting signature and certificate\n outputs, if present (default: False)\n```\n<!-- @end-sigstore-sign-help@ -->\n\n\n### Signing with DSSE envelopes\n\n<!-- @begin-sigstore-attest-help@ -->\n```\nusage: sigstore attest [-h] [-v] --predicate FILE --predicate-type TYPE\n [--identity-token TOKEN] [--oidc-client-id ID]\n [--oidc-client-secret SECRET]\n [--oidc-disable-ambient-providers] [--oidc-issuer URL]\n [--oauth-force-oob] [--bundle FILE] [--overwrite]\n FILE [FILE ...]\n\npositional arguments:\n FILE The file to sign\n\noptional arguments:\n -h, --help show this help message and exit\n -v, --verbose run with additional debug logging; supply multiple\n times to increase verbosity (default: 0)\n\nDSSE options:\n --predicate FILE Path to the predicate file (default: None)\n --predicate-type TYPE\n Specify a predicate type\n (https://slsa.dev/provenance/v0.2,\n https://slsa.dev/provenance/v1) (default: None)\n\nOpenID Connect options:\n --identity-token TOKEN\n the OIDC identity token to use (default: None)\n --oidc-client-id ID The custom OpenID Connect client ID to use during\n OAuth2 (default: sigstore)\n --oidc-client-secret SECRET\n The custom OpenID Connect client secret to use during\n OAuth2 (default: None)\n --oidc-disable-ambient-providers\n Disable ambient OpenID Connect credential detection\n (e.g. on GitHub Actions) (default: False)\n --oidc-issuer URL The OpenID Connect issuer to use (conflicts with\n --staging) (default: https://oauth2.sigstore.dev/auth)\n --oauth-force-oob Force an out-of-band OAuth flow and do not\n automatically start the default web browser (default:\n False)\n\nOutput options:\n --bundle FILE Write a single Sigstore bundle to the given file; does\n not work with multiple input files (default: None)\n --overwrite Overwrite preexisting bundle outputs, if present\n (default: False)\n```\n<!-- @end-sigstore-attest-help@ -->\n\n### Verifying\n\n#### Identities\n\n<!-- @begin-sigstore-verify-identity-help@ -->\n```\nusage: sigstore verify identity [-h] [-v] [--certificate FILE]\n [--signature FILE] [--bundle FILE] [--offline]\n --cert-identity IDENTITY --cert-oidc-issuer\n URL\n FILE_OR_DIGEST [FILE_OR_DIGEST ...]\n\noptional arguments:\n -h, --help show this help message and exit\n -v, --verbose run with additional debug logging; supply multiple\n times to increase verbosity (default: 0)\n\nVerification inputs:\n --certificate FILE, --cert FILE\n The PEM-encoded certificate to verify against; not\n used with multiple inputs (default: None)\n --signature FILE The signature to verify against; not used with\n multiple inputs (default: None)\n --bundle FILE The Sigstore bundle to verify with; not used with\n multiple inputs (default: None)\n FILE_OR_DIGEST The file path or the digest to verify. The digest\n should start with the 'sha256:' prefix.\n\nVerification options:\n --offline Perform offline verification; requires a Sigstore\n bundle (default: False)\n --cert-identity IDENTITY\n The identity to check for in the certificate's Subject\n Alternative Name (default: None)\n --cert-oidc-issuer URL\n The OIDC issuer URL to check for in the certificate's\n OIDC issuer extension (default: None)\n```\n<!-- @end-sigstore-verify-identity-help@ -->\n\n#### Signatures from GitHub Actions\n\n<!-- @begin-sigstore-verify-github-help@ -->\n```\nusage: sigstore verify github [-h] [-v] [--certificate FILE]\n [--signature FILE] [--bundle FILE] [--offline]\n [--cert-identity IDENTITY] [--trigger EVENT]\n [--sha SHA] [--name NAME] [--repository REPO]\n [--ref REF]\n FILE_OR_DIGEST [FILE_OR_DIGEST ...]\n\noptional arguments:\n -h, --help show this help message and exit\n -v, --verbose run with additional debug logging; supply multiple\n times to increase verbosity (default: 0)\n\nVerification inputs:\n --certificate FILE, --cert FILE\n The PEM-encoded certificate to verify against; not\n used with multiple inputs (default: None)\n --signature FILE The signature to verify against; not used with\n multiple inputs (default: None)\n --bundle FILE The Sigstore bundle to verify with; not used with\n multiple inputs (default: None)\n FILE_OR_DIGEST The file path or the digest to verify. The digest\n should start with the 'sha256:' prefix.\n\nVerification options:\n --offline Perform offline verification; requires a Sigstore\n bundle (default: False)\n --cert-identity IDENTITY\n The identity to check for in the certificate's Subject\n Alternative Name (default: None)\n --trigger EVENT The GitHub Actions event name that triggered the\n workflow (default: None)\n --sha SHA The `git` commit SHA that the workflow run was invoked\n with (default: None)\n --name NAME The name of the workflow that was triggered (default:\n None)\n --repository REPO The repository slug that the workflow was triggered\n under (default: None)\n --ref REF The `git` ref that the workflow was invoked with\n (default: None)\n```\n<!-- @end-sigstore-verify-github-help@ -->\n\n## Documentation\n\n`sigstore` documentation is available on [https://sigstore.github.io/sigstore-python](https://sigstore.github.io/sigstore-python)\n\n## Licensing\n\n`sigstore` is licensed under the Apache 2.0 License.\n\n## Community\n\n`sigstore-python` is developed as part of the [Sigstore](https://sigstore.dev) project.\n\nWe also use a [Slack channel](https://sigstore.slack.com)!\nClick [here](https://join.slack.com/t/sigstore/shared_invite/zt-mhs55zh0-XmY3bcfWn4XEyMqUUutbUQ) for the invite link.\n\n## Contributing\n\nSee [the contributing docs](https://github.com/sigstore/.github/blob/main/CONTRIBUTING.md) for details.\n\n## Code of Conduct\n\nEveryone interacting with this project is expected to follow the\n[sigstore Code of Conduct](https://github.com/sigstore/.github/blob/main/CODE_OF_CONDUCT.md).\n\n## Security\n\nShould you discover any security issues, please refer to sigstore's [security\nprocess](https://github.com/sigstore/.github/blob/main/SECURITY.md).\n\n",
"bugtrack_url": null,
"license": null,
"summary": "A tool for signing Python package distributions",
"version": "3.6.1",
"project_urls": {
"Documentation": "https://sigstore.github.io/sigstore-python/",
"Homepage": "https://pypi.org/project/sigstore/",
"Issues": "https://github.com/sigstore/sigstore-python/issues",
"Source": "https://github.com/sigstore/sigstore-python"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "70f5324edb6a802438e97e289992a41f81bb7a58a1cda2e49439e7e48896649e",
"md5": "0a1044c1d258ad04e955168cbdecaee5",
"sha256": "b568b16322222e834940acabdc84fbb16c8780874c3c21c6c8dde928dae0f881"
},
"downloads": -1,
"filename": "sigstore-3.6.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "0a1044c1d258ad04e955168cbdecaee5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 99162,
"upload_time": "2024-12-19T17:09:55",
"upload_time_iso_8601": "2024-12-19T17:09:55.035121Z",
"url": "https://files.pythonhosted.org/packages/70/f5/324edb6a802438e97e289992a41f81bb7a58a1cda2e49439e7e48896649e/sigstore-3.6.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "db89b982115aabe1068fd581d83d2a0b26b78e1e7ce6184e75003d173e15c0b3",
"md5": "54930c46299b05f33b2cb404cfd61379",
"sha256": "ee60fdc9236fd6709271ad53b44027461360c3fde155d2af15482e4c451ff865"
},
"downloads": -1,
"filename": "sigstore-3.6.1.tar.gz",
"has_sig": false,
"md5_digest": "54930c46299b05f33b2cb404cfd61379",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 80342,
"upload_time": "2024-12-19T17:09:58",
"upload_time_iso_8601": "2024-12-19T17:09:58.053114Z",
"url": "https://files.pythonhosted.org/packages/db/89/b982115aabe1068fd581d83d2a0b26b78e1e7ce6184e75003d173e15c0b3/sigstore-3.6.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-19 17:09:58",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "sigstore",
"github_project": "sigstore-python",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "sigstore"
}
