# Install sigstore

Codesigning tool for Python packages. Version 4.3.0 via Homebrew; verified 2026-06-04.

## Install

```sh
sudo av install brew:sigstore
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install sigstore
```

  Evidence: local Homebrew formula metadata

## Package Facts

- **Package key:** brew:sigstore
- **Package manager:** Homebrew
- **Package manager URL:** <https://formulae.brew.sh/formula/sigstore>
- **Version:** 4.3.0
- **Source summary:** Codesigning tool for Python packages
- **Homepage:** <https://github.com/sigstore/sigstore-python>
- **Repository:** <https://github.com/sigstore/sigstore-python>
- **Upstream docs:** <https://github.com/sigstore/sigstore-python#readme>
- **License:** Apache-2.0
- **Source archive:** <https://files.pythonhosted.org/packages/d6/63/1e44d9964d4f47617e641bdf6ce1b883b893d95b29ff07f97a8901df6b1c/sigstore-4.3.0.tar.gz>
- **Last updated:** 2026-06-04T17:27:02Z
- **Generated:** 2026-06-10T07:18:26+00:00

## Executables

- sigstore (cli)
- sigstore (alias)

## Dependencies

- certifi
- cryptography
- openssl@3
- pydantic
- python@3.14

## Build Dependencies

- pkgconf
- rust

## Install Behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-06-10
- Package-manager version: 4.3.0
- Package-manager updated: 2026-06-04
- Local data status: ok
- Upstream repository: https://github.com/sigstore/sigstore-python
- info: No cached GitHub release or tag data was available.

## セキュリティノート

no executable entrypoint in the package index.

- **Geiger risk:** green / low
- no executable entrypoint in the package index

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** sigstore
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related Links

- [Source-control packages](https://www.automicvault.com/ja/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/ja/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Language runtime packages](https://www.automicvault.com/ja/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [Networking and protocol packages](https://www.automicvault.com/ja/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [openssl@3](https://www.automicvault.com/ja/pkg/brew/openssl-3/) - Runtime dependency declared by Homebrew.
- [python@3.14](https://www.automicvault.com/ja/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/ja/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [rust](https://www.automicvault.com/ja/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [cosign](https://www.automicvault.com/ja/pkg/brew/cosign/) - Shares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
- [safety](https://www.automicvault.com/ja/pkg/brew/safety/) - Shares av.db curated category or tags: cli, python, security, software-supply-chain, supply-chain-security.
- [rekor-cli](https://www.automicvault.com/ja/pkg/brew/rekor-cli/) - Shares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
- [gitsign](https://www.automicvault.com/ja/pkg/brew/gitsign/) - Shares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
- [cyclonedx-python](https://www.automicvault.com/ja/pkg/brew/cyclonedx-python/) - Shares av.db curated category or tags: cli, python, security, software-supply-chain.
- [poutine](https://www.automicvault.com/ja/pkg/brew/poutine/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [notation](https://www.automicvault.com/ja/pkg/brew/notation/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [tern](https://www.automicvault.com/ja/pkg/brew/tern/) - Shares av.db curated category or tags: cli, python, security, software-supply-chain.

## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph