Sigstore Python Packages

sigstore-models

Pydantic-based, protobuf-free data models for Sigstore

model-signing

Supply chain security for ML

securescan

Security scanning without the SaaS tax. Multi-scanner orchestration, baseline diffing, SBOM + SARIF, signed everything — runs in your terminal, your CI, or a dashboard you own.

squash-ai

🛡️ Automated EU AI Act compliance for AI/ML teams — Annex IV docs, SBOMs, policy checks, and signed audit records inside your CI/CD pipeline. August 2, 2026 enforcement deadline. ⏰

veritensor

The Anti-Virus for AI Artifacts & RAG Firewall. A static analysis tool scanning Models and Notebooks for RCE, Datasets and RAG docs for Data Poisoning, PII, and Prompt Injections. Secure your AI Supply Chain.

trustcheck

Verify PyPI package attestations and improve Python supply-chain security

arkforge-mcp

Third-party cryptographic proof for AI agent API calls — ArkForge Trust Layer MCP server

mareforma

Turning AI-driven findings into trustworthy science

mareforma-agent

Turning AI-driven findings into trustworthy science

mareforma-cli

Turning AI-driven findings into trustworthy science

mareforma-py

Turning AI-driven findings into trustworthy science

ainfera-verify

Offline verifier for Ainfera AuditChains. Trust no one, verify the chain yourself.

mareform

Turning AI-driven findings into trustworthy science

maraforma

Turning AI-driven findings into trustworthy science

pwned-deps

Drop your lockfile in, find out if you're pwned. Compromised-package scanner backed by OSV.dev.

mcpkernel

The Security Kernel for AI Agents — MCP/A2A gateway with policy enforcement, taint tracking, sandboxed execution, deterministic envelopes, and Sigstore audit. OWASP ASI 2026 compliant.

h4-hello

A practice project for publishing Python projects created with uv to PyPI with PEP740 signatures.

whiteprints

A Copier-based cookiecutter for creating Python projects managed by uv.