pypi
diff --git a/‎dev/environment
+1 b/‎dev/environment
+1
diff --git a/‎requirements/main.in
+1 b/‎requirements/main.in
+1
diff --git a/‎requirements/main.txt
+3-1 b/‎requirements/main.txt
+3-1
diff --git a/‎tests/conftest.py
+15-2 b/‎tests/conftest.py
+15-2
diff --git a/‎tests/unit/attestations/test_init.py
+36 b/‎tests/unit/attestations/test_init.py
+36
@@ -46,6 +46,7 @@ BREACHED_EMAILS=warehouse.accounts.NullEmailBreachedService
 BREACHED_PASSWORDS=warehouse.accounts.NullPasswordBreachedService
 
 OIDC_BACKEND=warehouse.oidc.services.NullOIDCPublisherService
+INTEGRITY_BACKEND=warehouse.attestations.services.NullIntegrityService
 
 METRICS_BACKEND=warehouse.metrics.DataDogMetrics host=notdatadog
 
 
@@ -61,6 +61,7 @@ requests
 requests-aws4auth
 redis>=2.8.0,<6.0.0
 rfc3986
+rfc8785
 sentry-sdk
 setuptools
 sigstore~=3.2.0
 
@@ -1986,7 +1986,9 @@ rfc3986==2.0.0 \
 rfc8785==0.1.3 \
     --hash=sha256:167efe3b5cdd09dded9d0cfc8fec1f48f5cd9f8f13b580ada4efcac138925048 \
     --hash=sha256:6116062831c62e7ac5d027973a1fe07b601ccd854bca4a2b401938a00a20b0c0
-    # via sigstore
+    # via
+    #   -r requirements/main.in
+    #   sigstore
 rich==13.8.1 \
     --hash=sha256:1760a3c0848469b97b558fc61c85233e3dafb69c7a071b4d60c38099d3cd4c06 \
     --hash=sha256:8260cda28e3db6bf04d2d1ef4dbc03ba80a824c88b0e7668a0f23126a424844a
 
@@ -30,6 +30,7 @@
 
 from jinja2 import Environment, FileSystemLoader
 from psycopg.errors import InvalidCatalogName
+from pypi_attestations import Attestation, Envelope, VerificationMaterial
 from pyramid.i18n import TranslationString
 from pyramid.static import ManifestCacheBuster
 from pyramid_jinja2 import IJinja2Environment
@@ -387,13 +388,11 @@ def get_db_session_for_app_config(app_config):
 
 @pytest.fixture(scope="session")
 def app_config(database):
-
     return get_app_config(database)
 
 
 @pytest.fixture(scope="session")
 def app_config_dbsession_from_env(database):
-
     nondefaults = {
         "warehouse.db_create_session": lambda r: r.environ.get("warehouse.db_session")
     }
@@ -539,6 +538,20 @@ def activestate_oidc_service(db_session):
     )
 
 
+@pytest.fixture
+def dummy_attestation():
+    return Attestation(
+        version=1,
+        verification_material=VerificationMaterial(
+            certificate="somebase64string", transparency_entries=[dict()]
+        ),
+        envelope=Envelope(
+            statement="somebase64string",
+            signature="somebase64string",
+        ),
+    )
+
+
 @pytest.fixture
 def macaroon_service(db_session):
     return macaroon_services.DatabaseMacaroonService(db_session)
 
@@ -0,0 +1,36 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pretend
+
+from warehouse import attestations
+from warehouse.attestations.interfaces import IIntegrityService
+
+
+def test_includeme():
+    fake_service_klass = pretend.stub(create_service=pretend.stub())
+    config = pretend.stub(
+        registry=pretend.stub(settings={"integrity.backend": "fake.path.to.backend"}),
+        maybe_dotted=pretend.call_recorder(
+            lambda attr: fake_service_klass,
+        ),
+        register_service_factory=pretend.call_recorder(
+            lambda factory, iface, name=None: None
+        ),
+    )
+
+    attestations.includeme(config)
+
+    assert config.maybe_dotted.calls == [pretend.call("fake.path.to.backend")]
+    assert config.register_service_factory.calls == [
+        pretend.call(fake_service_klass.create_service, IIntegrityService),
+    ]