Signed Commits: 1 issue found

Hekkos found **1** Signed Commits configuration issue in this repository.

<sub>This is part of the main [security audit](../issues/14).</sub>

<details open>
<summary><strong>Issue details</strong></summary>

- **Issue 1**: Signed commits are not required - commits can be forged or impersonated

</details>

---

### Why this matters

Commit signing provides cryptographic verification of commit authorship. This offers:
- Assurance that commits came from who they claim to be from
- Protection against commit forgery (though git config can still be spoofed)
- A verifiable audit trail of code changes
- Defense against certain account compromise scenarios

---

### How to fix

1. Set up GPG or SSH commit signing for your account
2. Configure Git to sign commits automatically
3. Enable branch protection to require signed commits

**Documentation:**
- [About commit signature verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)
- [Signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Signed Commits: 1 issue found #20

Why this matters

How to fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Signed Commits: 1 issue found #20

Description

Why this matters

How to fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions