At this point, we have a protected our Git branch and identified who should be reviewing code changes. We also know that signing commits is a good way for a developer to prove that they were the author of a code change. However, unless everyone signs their commits, how can you be certain that unsigned commits are valid?

Fortunately, there are some GitHub applications that are emerging to solve that problem. We will use one such application called probot-gpg, available at https://probot.Github.io/apps/gpg/.

By navigating to this page using your browser, you will be able to click the Install button. You will be brought to a page that will allow you to select which repository you want to allow the application to select. In our case, we will select the yourID/trading-smart-contract/ repository. Click Install and the application will be granted access to your repository.