Tag
commit-signing
Safeguard articles tagged "commit-signing" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Open Source Security
Contributing to open source securely: a guide for new maintainers and PR authors
It took roughly two years of trusted commits before the xz-utils backdoor shipped. Here's how new contributors avoid becoming the next weak link.
Jul 12, 20267 min read
Software Supply Chain Security
How to set up signed commits with GPG
A step-by-step guide to set up GPG signed commits in Git: generate a key, configure Git, publish it to GitHub, verify signatures, and fix common errors.
Feb 17, 20267 min read