Are we attested yet? 🔏

What are attestations?

Sigstore is a standard for defining cryptographically verifiable attestations which can be hosted by RubyGems.org.

Attestations are built on top of Sigstore and use short-lived signing keys bound to trusted identities (like Trusted Publishers), making them misuse-resistant and less susceptible to key loss and theft.

What is this list?

This site shows the top most-downloaded gems on RubyGems.org (all gems with more than a million downloads in the past month) showing which have been uploaded with attestations.

• Green gems with a 🔏 offer attestations for their latest release
• Uncolored gems with a ⏰ were last uploaded before attestations were available
• Yellow gems come from supported hosts, but have no attestations uploaded (yet!)
• Magenta gems come from source hosts that can't generate attestations (yet!)

Packages that are known to be deprecated are not included (for example, distribute). If your package is incorrectly listed, please create a ticket.

My package is uncolored. What can I do?

Using a Trusted Publisher is the easiest way to enable attestations, since they come baked in! See the RubyGems guides and official release action to get started.

For projects already using the official gem release action, you can upgrade to v1.1 or later to automatically enable attestations for the next release of the project. We recommend upgrading to the latest version of the action to receive any bug fixes.

Something's wrong with this page!

Fantastic, a problem found is a problem fixed. Please create a ticket!

You can also submit a pull-request.

Thanks

This is a derivative work of Free-Threaded Wheels, which is itself a derivative of Python Wheels, a site that tracks which Python distributions ship the wheel distribution. The top list comes from top gems.

Thanks also to the many contributors.