github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/github/branch_protections/AVD-GIT-0004/docs.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/github/branch_protections/AVD-GIT-0004/docs.md (about)

     1  
     2  GitHub branch protection should be set to require signed commits.
     3  
     4  You can do this by setting the <code>require_signed_commits</code> attribute to 'true'.
     5  
     6  ### Impact
     7  Commits may not be verified and signed as coming from a trusted developer
     8  
     9  <!-- DO NOT CHANGE -->
    10  {{ remediationActions }}
    11  
    12  ### Links
    13  - https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection#require_signed_commits
    14  
    15  - https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification
    16  
    17  - https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-signed-commits
    18  
    19