pypa/gh-action-pypi-publish

pypa/gh-action-pypi-publish

The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI, the tokenless way: https://github.com/marketplace/actions/pypi-publish

GitHubGithub Repository

1008 stars

Composite

Updated 22 hours ago

GitHub Actions security score

pypa/gh-action-pypi-publish

Score

8/10

License

BSD 3-Clause "New" or "Revised" License

Maintained

25 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10

Vulnerabilities

0 existing vulnerabilities detected

Branch protection

branch protection is not maximal on development and all release branches

Manual code review

-

Secure publishing

-

Signed commits

-

Automated security tools

-

Popular

Used by 4200 open-source projects

Security Policy

security policy file detected

Networking Behavior of pypa/gh-action-pypi-publish

This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.

Popular DestinationUnknown Destination
Network DestinationOwner
test.pypi.orgPython RegistryPython Registry
upload.pypi.orgPython RegistryPython Registry
pypi.python.orgPython RegistryPython Registry
pypi.orgPython RegistryPython Registry
files.pythonhosted.orgPython RegistryPython Registry
tuf-repo-cdn.sigstore.devSigstoreSigstore
fulcio.sigstore.devSigstoreSigstore
rekor.sigstore.devSigstoreSigstore
github.comGitHubGitHub
ghcr.ioGitHubGitHub
pkg-containers.githubusercontent.comGitHubGitHub