You can do this setting the
require_signed_commits attribute to ‘true’.
You cannot guarantee the source of unsigned commits.
Require signed commits for all protected branches.
The following example will fail the github-repositories-require-signed-commits check.
The following example will pass the github-repositories-require-signed-commits check.