scikit-learn · thomasjpfan · Dec 19, 2022 · Dec 16, 2022 · Dec 16, 2022 · Dec 16, 2022
diff --git a/doc/conf.py b/doc/conf.py
@@ -331,6 +331,7 @@
     "pandas": ("https://pandas.pydata.org/pandas-docs/stable/", None),
     "joblib": ("https://joblib.readthedocs.io/en/latest/", None),
     "seaborn": ("https://seaborn.pydata.org/", None),
+    "skops": ("https://skops.readthedocs.io/en/stable/", None),
 }
 
 v = parse(release)

diff --git a/doc/model_persistence.rst b/doc/model_persistence.rst
@@ -92,6 +92,37 @@ serialization methods, please refer to this
 `talk by Alex Gaynor
 <https://pyvideo.org/video/2566/pickles-are-for-delis-not-software>`_.
 
+
+A more secure format: `skops`
+.............................
+
+`skops <https://skops.readthedocs.io/en/stable/>`__ provides a more secure
+format via the :mod:`skops.io` module. It avoids using :mod:`pickle` and only
+loads files which have types and references to functions which are trusted
+either by default or by the user. The API is very similar to ``pickle``, and
+you can persist your models as explain in the `docs
+<https://skops.readthedocs.io/en/stable/persistence.html>`__ using
+:func:`skops.io.dump` and :func:`skops.io.dumps`::
+
+    import skops.io as sio
+    obj = sio.dumps(clf)
+
+And you can load them back using :func:`skops.io.load` and
+:func:`skops.io.loads`. However, you need to specify the types which are
+trusted by you. You can get existing unknown types in a dumped object / file
+using :func:`skops.io.get_untrusted_types`, and after checking its contents,
+pass it to the load function::
+
+    unknown_types = sio.get_untrusted_types(obj)
+    clf = sio.loads(obj, trusted=unknown_types)
+
+If you trust the source of the file / object, you can pass ``trusted=True``::
+
+    clf = sio.loads(obj, trusted=True)
+
+Please report issues and feature requests related to this format on the `skops
+issue tracker <https://github.com/skops-dev/skops/issues>`__.
+
 Interoperable formats
 ---------------------
 

diff --git a/doc/related_projects.rst b/doc/related_projects.rst
@@ -115,6 +115,10 @@ enhance the functionality of scikit-learn's estimators.
   Scikit-learn pipelines to `ONNX <https://onnx.ai/>`_ for interchange and
   prediction.
 
+` `skops.io <https://skops.readthedocs.io/en/stable/persistence.html>`__ A
+  persistence model more secure than pickle, which can be used instead of
+  pickle in most common cases.
+
 - `sklearn2pmml <https://github.com/jpmml/sklearn2pmml>`_
   Serialization of a wide variety of scikit-learn estimators and transformers
   into PMML with the help of `JPMML-SkLearn <https://github.com/jpmml/jpmml-sklearn>`_