Skip to content

Commit deda877

Browse files
peter-evanspeter-evans
authored
update docs
1 parent 6b1bd20 commit deda877

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

docs/concepts-guidelines.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -284,6 +284,8 @@ GitHub App generated tokens are more secure than using a PAT because GitHub App
284284

285285
### Commit signing
286286

287+
[Commit signature verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) is a feature where GitHub will mark signed commits as "verified" to give confidence that changes are from a trusted source. Some organizations require commit signing, and enforce it with branch protection rules.
288+
287289
The action supports two methods to sign commits, [commit signature verification for bots](#commit-signature-verification-for-bots), and [GPG commit signature verification](#gpg-commit-signature-verification).
288290

289291
#### Commit signature verification for bots

0 commit comments

Comments
 (0)