Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
c2pa-python
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 0.27.1
- Maintainers
- 2
C2PA Python library
The c2pa-python repository provides a Python library that can:
- Read and validate C2PA manifest data from media files in supported formats.
- Create and sign manifest data, and attach it to media files in supported formats.
Features:
- Create and sign C2PA manifests using various signing algorithms.
- Verify C2PA manifests and extract metadata.
- Add assertions and ingredients to assets.
- Examples and unit tests to demonstrate usage.
Prerequisites
This library requires Python version 3.10+.
Package installation
Install the c2pa-python package from PyPI by running:
pip install c2pa-python
To use the module in Python code, import the module like this:
import c2pa
Examples
See the examples directory for some helpful examples:
examples/sign.pyshows how to sign and verify an asset with a C2PA manifest.examples/training.pydemonstrates how to add a "Do Not Train" assertion to an asset and verify it.
API reference documentation
See the section in Contributing to the project.
Contributing
Contributions are welcome! For more information, see Contributing to the project.
License
This project is licensed under the Apache License 2.0 and the MIT License. See the LICENSE-MIT and LICENSE-APACHE files for details.
FAQs
Python bindings for the C2PA Content Authenticity Initiative (CAI) library
We found that c2pa-python demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025
Product
Introducing Socket Scanning for OpenVSX Extensions
Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.
By Mix Irving, Ryan Eberhardt -  Nov 20, 2025