Lab 3 — Secure Git: SSH commit signing and pre-commit secret scanning

[Boogyy]

Goal

Implement secure Git practices by enabling SSH commit signing and automated pre-commit secret scanning, and document the setup and results as required for Lab 3.

Changes

• Configured SSH commit signing with key
• Implemented local pre-commit hook using TruffleHog and Gitleaks via Docker
• Demonstrated blocked commit when a secret was detected / uccessful commit after secret removal
• Detailed documentation and analysis in labs/submission3.md

Testing

• Tested pre-commit hook by committing a simulated private key (commit blocked)
• Confirmed GitHub shows a Verified badge for signed commit
• Verified commit signature locally using:
  git log -1 --show-signature
• Ensured no secrets remain in repository

Artifacts & Screenshots

• Screenshot of Verified commit badge on GitHub
• Terminal output showing blocked commit due to detected secret
• Terminal output showing successful commit after redaction

---

Checklist

• Task 1 completed — SSH commit signing configured and documented
• Task 2 completed — Pre-commit secret scanning implemented and tested
• labs/submission3.md contains required analysis and evidence
• No secrets or sensitive files remain in the repository