Ensure GitHub branch protection rules require signed commits
Description
This policy checks whether GitHub branch protection rules require signed commits. Signed commits ensure the authenticity and integrity of code changes, preventing malicious modifications. By requiring signed commits, repositories can maintain a secure and trustworthy commit history. This is particularly important for critical infrastructure or sensitive codebases.
Code Example
Go to Repository Settings > Branches > Branch protection rules > Edit > Require a pull request before merging > Require signed commits
Remediation
Enable required signed commits for GitHub branch protection rules.
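As an added illustration (not part of this policy page and not Checkov's own implementation), the following Python evaluates the setting this rule inspects: the `required_signatures.enabled` field of the GitHub REST API branch protection response (`GET /repos/{owner}/{repo}/branches/{branch}/protection`). The branch names, repository and URLs in the sample are constructed; a missing or malformed `required_signatures` block is treated as a failure so the check fails closed.

```python
import json

# Constructed sample: three branch-protection objects trimmed to the fields
# relevant here, in the shape of the GitHub REST API branch protection
# response. Repository, branches and URLs are made up.
SAMPLE_PROTECTIONS = json.loads("""
{
  "main": {
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "required_signatures": {
      "url": "https://api.github.com/repos/example-org/example-repo/branches/main/protection/required_signatures",
      "enabled": true
    }
  },
  "release": {
    "required_pull_request_reviews": {"required_approving_review_count": 2},
    "required_signatures": {
      "url": "https://api.github.com/repos/example-org/example-repo/branches/release/protection/required_signatures",
      "enabled": false
    }
  },
  "develop": {
    "required_pull_request_reviews": {"required_approving_review_count": 1}
  }
}
""")


def signed_commits_required(protection: dict) -> bool:
    """True only when the branch protection explicitly enables required
    signatures. A missing block or a non-boolean value (e.g. the string
    "true") is not accepted, so unknown state is reported as a failure."""
    block = protection.get("required_signatures")
    if not isinstance(block, dict):
        return False
    return block.get("enabled") is True


def evaluate(protections: dict) -> dict:
    """Map each protected branch to PASSED or FAILED for this rule."""
    return {
        branch: ("PASSED" if signed_commits_required(p) else "FAILED")
        for branch, p in protections.items()
    }


if __name__ == "__main__":
    for branch, result in evaluate(SAMPLE_PROTECTIONS).items():
        print(f"{branch}: {result}")
```

In a real run the per-branch objects would come from the API endpoint named above rather than from the embedded sample.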
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1042 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_4 |