Instructions for contributors

Contribute to python-tuf by submitting pull requests against the “develop” branch of this repository. Detailed instructions are available in our development guidelines. All submitted code should follow our style guidelines and must be unit tested.


With tox the whole test suite can be executed in a separate virtual environment for each supported Python version available on the system. tuf and its dependencies are installed automatically for each tox run.

$ tox

The sections below give more detail about each step managed by tox, in case you need to debug or run a step outside tox.

Unit tests

More specifically, the Update Framework’s test suite can be executed by invoking the test aggregation script inside the tests subdirectory. tuf and its dependencies must already be installed.

$ cd tests/
$ python3

Individual tests can also be executed. Optional -v flags can be added to increase log level up to DEBUG (-vvvv).

$ cd tests/
$ python3 -v


To run the tests and measure their code coverage, the aggregation script can be invoked with the coverage tool (requires installation of coverage, e.g. via PyPI).

$ cd tests/
$ coverage run && coverage report


CI/CD will check that new TUF code is formatted with black and isort. Auto-formatting can be done on the command line:

$ black <filename>
$ isort <filename>

or via source code editor plugins [black, isort] or pre-commit-powered git hooks [black, isort].


Contributors must also indicate acceptance of the Developer Certificate of Origin by appending a Signed-off-by: Your Name <> line to each git commit message (see git commit --signoff).