policy name: no_signed_commits
severity: LOW
Require all commits to be signed and verified
An actor who has obtained write access to the repository (for example through a leaked token) can push a commit containing malicious code and start a supply chain attack. Requiring signed commits adds another layer of defense: every commit on the protected branch must carry a signature that GitHub can verify against a key registered to a user, and a push containing an unsigned or unverifiable commit is rejected. The rule applies only to branches covered by a protection rule and does not stop an attacker who also controls a registered signing key, so treat it as one control alongside credential hygiene and required reviews.
- Make sure you have admin permissions
- Go to the repo's settings page
- Enter "Branches" tab
- Under "Branch protection rules", click "Edit" on the default branch rule
- Check "Require signed commits"
- Click "Save changes"
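The same check and remediation over the GitHub REST API, as an added example that is not part of this policy's own tooling. It assumes a token with admin rights on the repository in GITHUB_TOKEN and the documented branch-protection endpoints on api.github.com; the setting the UI checkbox toggles is the `required_signatures.enabled` field of the branch protection object, and the POST to `.../protection/required_signatures` is the API equivalent of ticking "Require signed commits".

```python
"""Audit (and optionally enable) "Require signed commits" on a GitHub branch.

Added example; not the original page's or any product's own code.
Assumes: GITHUB_TOKEN with admin rights, public api.github.com endpoints.
"""
import json
import os
import sys
import urllib.error
import urllib.request
from typing import Optional, Tuple

API = "https://api.github.com"


def evaluate_protection(status: int, protection: Optional[dict]) -> dict:
    """Turn a GET /repos/{o}/{r}/branches/{b}/protection response into a finding.

    A 404 means the branch has no protection rule at all, which also fails the
    policy: with no rule there is nothing that enforces signing.
    """
    if status == 404 or protection is None:
        return {"compliant": False, "reason": "no branch protection rule on this branch"}
    rs = protection.get("required_signatures")
    if not isinstance(rs, dict):
        return {"compliant": False, "reason": "required_signatures block missing from protection rule"}
    if rs.get("enabled") is True:
        return {"compliant": True, "reason": "required_signatures.enabled is true"}
    return {"compliant": False, "reason": "required_signatures.enabled is false"}


def _call(method: str, path: str, token: str) -> Tuple[int, Optional[dict]]:
    """Minimal authenticated request; returns (status, parsed JSON or None)."""
    req = urllib.request.Request(
        API + path,
        method=method,
        data=b"" if method == "POST" else None,  # POST with an empty body
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
            "X-GitHub-Api-Version": "2022-11-28",
        },
    )
    try:
        with urllib.request.urlopen(req) as resp:
            body = resp.read()
            return resp.status, (json.loads(body) if body else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def audit(owner: str, repo: str, branch: str, token: str, fix: bool = False) -> dict:
    """Report whether signed commits are required; with fix=True, turn it on."""
    base = f"/repos/{owner}/{repo}/branches/{branch}/protection"
    finding = evaluate_protection(*_call("GET", base, token))
    if finding["compliant"] or not fix:
        return finding
    # API equivalent of ticking "Require signed commits". It only succeeds when
    # a protection rule already exists on the branch (otherwise GitHub returns 404).
    status, _ = _call("POST", base + "/required_signatures", token)
    if status != 200:
        finding["reason"] += f" (remediation failed with HTTP {status})"
        return finding
    return evaluate_protection(*_call("GET", base, token))


if __name__ == "__main__":
    if len(sys.argv) < 4:
        sys.exit("usage: signed_commits.py OWNER REPO BRANCH [--fix]")
    owner, repo, branch = sys.argv[1:4]
    result = audit(owner, repo, branch, os.environ["GITHUB_TOKEN"], fix="--fix" in sys.argv)
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["compliant"] else 1)
```

Run it against the default branch; a non-zero exit marks the finding. Because remediation needs an existing protection rule, create the rule first (the "Edit" step above assumes one exists), then rerun with --fix.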