Git repositories store valuable source code and are used to build applications that work with sensitive data. If an attacker was able to compromise a GitHub account with a vulnerable repository, they could push malicious commits straight to production. Signed commits help ensure that doesn’t happen.
Read This Article on How-To Geek ›
Source : How to Secure Your Git Repository with Signed Commits and Tags
