Ensure verification of signed commits for new changes before merging

Risk Level: medium
Platform: Github
Spectral Rule ID: GH-HRD011

REMEDIATION

Enable signed commits.

SaaS:

In the repository setting on GitHub site:

1. Go to 'Branches'.
2. Go to 'Branch protection rule'.
3. Click on 'Require signed commits' (should be marked).

Read more:

• https://docs.github.com/en/authentication/troubleshooting-commit-signature-verification/checking-your-commit-and-tag-signature-verification-status
• https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits