create-github-app-token

Request to enable commit signature verification for repository

Open: a-coggins opened this issue 6 months ago • 1 comment

Hello,

This repository currently does not use verified commits. For organizations with strict supply chain security policies—including ours—this presents a compliance issue. We require all GitHub Actions dependencies to originate from repositories with verified commits to ensure integrity and traceability.

Please consider enabling commit signing for this repository.

Thank you.

a-coggins, Aug 07 '25 11:08

With the number of attacks against organisations and institutions rising, many now have security as their number one priority. As a result, many are now putting in place stringent security policies when using third-party software.

I'd like to upvote this request because without it we cannot use this library.

humphreyn, Aug 07 '25 11:08