Ensure GitLab project commits are signed

Error: Gitlab project commits are not signed
Bridgecrew Policy ID: BC_REPO_GITLAB_TF_4
Checkov Check ID: CKV_GLB_4
Severity: LOW

Description

In GitLab, administrators can turn on the capability to require signed commits for a project. When you enable required commit signing on a branch, contributors and bots can only push commits that have been signed and verified to the branch. If a collaborator pushes an unsigned commit to a branch that requires commit signatures, the collaborator will need to rebase the commit to include a verified signature, then force push the rewritten commit to the branch.

Fix - Buildtime

Terraform

  • Resource: gitlab_project
  • Attribute: reject_unsigned_commits (inside the push_rules block)
resource "gitlab_project" "example-two" {
...
  push_rules {
    ...
+    reject_unsigned_commits        = true
  }
}
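
The same condition can be checked against a rendered plan before apply. The following is an added example, not Checkov's or Bridgecrew's own implementation: it walks JSON in the shape produced by `terraform show -json <planfile>` and reports every `gitlab_project` whose `push_rules` block does not set `reject_unsigned_commits = true`, including projects with no `push_rules` block and projects declared in child modules. The sample plan and its resource names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# resource names and module layout are made up for this example.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "gitlab_project.signed", "type": "gitlab_project",
     "values": {"name": "signed",
                "push_rules": [{"prevent_secrets": true, "reject_unsigned_commits": true}]}},
    {"address": "gitlab_project.unsigned", "type": "gitlab_project",
     "values": {"name": "unsigned",
                "push_rules": [{"prevent_secrets": true, "reject_unsigned_commits": false}]}},
    {"address": "gitlab_project.no_rules", "type": "gitlab_project",
     "values": {"name": "no_rules", "push_rules": []}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.team.gitlab_project.nested", "type": "gitlab_project",
     "values": {"name": "nested"}},
    {"address": "module.team.gitlab_group.g", "type": "gitlab_group", "values": {}}
  ]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def requires_signed_commits(values):
    """True only if a push_rules block sets reject_unsigned_commits = true."""
    blocks = values.get("push_rules") or []  # nested blocks appear as a list
    return any(b.get("reject_unsigned_commits") is True for b in blocks)


def unsigned_projects(plan):
    """Addresses of gitlab_project resources that would fail this policy."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r["address"] for r in iter_resources(root)
            if r.get("type") == "gitlab_project"
            and not requires_signed_commits(r.get("values", {}))]


if __name__ == "__main__":
    for address in unsigned_projects(SAMPLE_PLAN):
        print(f"FAILED CKV_GLB_4: {address}")
```

A project with an empty or missing `push_rules` block is reported the same way as one that sets the attribute to `false`, since in both cases unsigned commits are accepted.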