Understanding what’s in your software supply chain and where it came from is a critical part of application security.
In this guide, we’ll walk through how to verify that every change to your organization’s code base really came from the developer it claims to, and how to require that proof, using GitHub commit signing, code signing, and verified commits.
- How to set up and require developers’ “digital signatures” in GitHub with commit and code signing
- How to make signatures harder to forge by moving the private half of your SSH key off your computer and onto a hardware security key, so it can never be copied by malware or a compromised account
- How to access your GitHub account and the GitHub API without supplying a username and personal access token