Verifying ONNX PyPI Releases with Sigstore Attestations

ONNX PyPI releases include Sigstore attestations compliant with PEP 740, enabling cryptographic verification of integrity, provenance, and publisher identity.

Security Guarantees

Verification confirms that:

• the artifact has not been modified,
• it was built and published by ONNX CI,
• the signature is publicly auditable in Sigstore’s transparency log,
• the publisher identity matches onnx/onnx.

Verify a Release

pip install pypi-attestations

pypi-attestations verify pypi \
  --repository https://github.com/onnx/onnx \
  pypi:onnx-1.20.1-cp313-cp313t-win_amd64.whl

References

• PEP 740 – Digital Attestations for Python Packages https://peps.python.org/pep-0740/

• Sigstore https://www.sigstore.dev/

• PyPI Attestations https://pypi.org/project/pypi-attestations/