# Install gitsign Keyless Git signing using Sigstore. Version 0.16.1 via Homebrew; verified 2026-06-08. ## Install ```sh sudo av install brew:gitsign ``` Additional install commands: ### macOS - Homebrew (100%): ```sh brew install gitsign ``` Evidence: local Homebrew formula metadata - MacPorts (94%): ```sh sudo port install gitsign ``` Evidence: MacPorts ports tree: security/gitsign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1 ### Linux - Debian apt (92%): ```sh sudo apt install gitsign ``` Evidence: Debian stable package indexes: gitsign from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz - Nix (92%): ```sh nix profile install nixpkgs#gitsign ``` Evidence: nixpkgs package indexes: pkgs/by-name/gi/gitsign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1 - pacman (92%): ```sh sudo pacman -S gitsign ``` Evidence: Arch Linux sync databases: gitsign from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz - zypper (92%): ```sh sudo zypper install gitsign ``` Evidence: openSUSE Tumbleweed package metadata: gitsign from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst ### Windows - Scoop (92%): ```sh scoop install main/gitsign ``` Evidence: Scoop official bucket manifest trees: bucket/gitsign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1 ## Package Facts - **Package key:** brew:gitsign - **Package manager:** Homebrew - **Package manager URL:** - **Version:** 0.16.1 - **Source summary:** Keyless Git signing using Sigstore - **Homepage:** - **Repository:** - **Upstream docs:** - **License:** Apache-2.0 - **Source archive:** - **Last updated:** 2026-06-08T21:43:20Z - **Generated:** 2026-06-10T07:18:26+00:00 ## Executables - gitsign (cli) - gitsign-credential-cache (cli) - gitsign (alias) - gitsign-credential-cache (alias) ## Build Dependencies - go ## Install Behavior - Post-install hook: not defined - Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux ## Freshness - Page generated: 2026-06-10 - Package-manager version: 0.16.1 - Package-manager updated: 2026-06-08 - Local data status: ok - Upstream repository: https://github.com/sigstore/gitsign - Upstream latest detected: v0.16.1 (current) ## 安全说明 narrow executable package without higher-risk signals. - **Geiger risk:** green / low - narrow executable package without higher-risk signals ## Source Database Details - **Source Database:** Homebrew formula API - **Tap:** homebrew/core - **Full Name:** gitsign - **Version Scheme:** 0 - **Revision:** 0 - **Head Version:** HEAD - **Bottle Stable Root URL:** - **Deprecated:** no - **Disabled:** no - **Keg Only:** no - **URL Keys:** head, stable ## Other Package-Manager Records - Debian apt - gitsign - 0.13.0-2+b2: normalized package name match | Debian stable package indexes: gitsign from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Keyless Git signing using Sigstore (program) | https://github.com/sigstore/gitsign - Debian apt - golang-github-sigstore-gitsign-dev - 0.13.0-2: normalized package name match | Debian stable package indexes: golang-github-sigstore-gitsign-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Keyless Git signing using Sigstore (library) | https://github.com/sigstore/gitsign - Nix - gitsign: normalized package name match | nixpkgs package indexes: pkgs/by-name/gi/gitsign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1 - pacman - gitsign - 0.14.0-2: normalized package name match | Arch Linux sync databases: gitsign from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Keyless Git signing using Sigstore | https://github.com/sigstore/gitsign - zypper - gitsign - 0.16.0-1.1: normalized package name match | openSUSE Tumbleweed package metadata: gitsign from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst | Keyless Git signing using Sigstore | https://github.com/sigstore/gitsign - zypper - gitsign-credential-cache - 0.16.0-1.1: normalized package name match | openSUSE Tumbleweed package metadata: gitsign-credential-cache from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst | Credential cache for gitsign | https://github.com/sigstore/gitsign - MacPorts - gitsign: normalized package name match | MacPorts ports tree: security/gitsign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1 - Scoop - main/gitsign: normalized package name match | Scoop official bucket manifest trees: bucket/gitsign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1 ## Related Links - [Source-control packages](https://www.automicvault.com/zh-hans/pkg/source-control-tools/) - Belongs to a source-control command family. - [Terminal utility packages](https://www.automicvault.com/zh-hans/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata. - [Networking and protocol packages](https://www.automicvault.com/zh-hans/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata. - [Security and crypto packages](https://www.automicvault.com/zh-hans/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata. - [go](https://www.automicvault.com/zh-hans/pkg/brew/go/) - Build dependency declared by Homebrew. - [cosign](https://www.automicvault.com/zh-hans/pkg/brew/cosign/) - Shares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security. - [sigstore](https://www.automicvault.com/zh-hans/pkg/brew/sigstore/) - Shares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security. - [rekor-cli](https://www.automicvault.com/zh-hans/pkg/brew/rekor-cli/) - Shares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security. - [gittuf](https://www.automicvault.com/zh-hans/pkg/brew/gittuf/) - Shares av.db curated category or tags: cli, git, security, software-supply-chain, supply-chain-security. - [safety](https://www.automicvault.com/zh-hans/pkg/brew/safety/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security. - [poutine](https://www.automicvault.com/zh-hans/pkg/brew/poutine/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security. - [notation](https://www.automicvault.com/zh-hans/pkg/brew/notation/) - Shares av.db curated category or tags: cli, security, signing, software-supply-chain, supply-chain-security. - [syft](https://www.automicvault.com/zh-hans/pkg/brew/syft/) - Shares av.db curated category or tags: cli, security, software-supply-chain. - [cdxgen](https://www.automicvault.com/zh-hans/pkg/brew/cdxgen/) - Security-sensitive metadata or terminology overlaps. Shared terms: chain, cli, security, software-supply-chain, supply. ## Sources - Nucleus package database - Geiger risk classifier - package-page enrichment - package version freshness - av.db category and tag curation - package relationship graph - external package-manager database matches - cross-ecosystem install command graph