Required commit signing ensures that collaborators can only push verified signed commits to a protected branch.
If you've enforced branch protections in your repository, you can set up required commit signing. For more information, see "Configuring protected branches."
When you enable required commit signing on a branch, contributors will not be able to push local commits to the branch that are not signed with a verified GPG key, or merge unsigned commits into the branch using the GitHub Enterprise web interface. For more information about signing commits, see "About GPG."
Note: Enabling required commit signing on a branch will make it more difficult to contribute. If a collaborator pushes an unsigned commit to a branch that has required commit signing enabled, they will need to rebase their commit to include a verified signature and force push the rewritten commit to the branch.
Administrators of a repository can push local commits that have not been signed with a verified GPG key, however you can require administrators to be subject to required commit signing. For more information, see "Enabling required commit signing."