Skip to main content

This version of GitHub Enterprise Server was discontinued on 2023-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Managing the commit signoff policy for your organization

You can require users to automatically sign off all commits they make in GitHub Enterprise Server's web interface to repositories owned by your organization.

Who can use this feature

Organization owners can require all commits to repositories owned by the organization be signed off by the commit author.

About commit signoffs

To affirm that a commit complies with the rules and licensing governing a repository, many organizations require developers to sign off on every commit. If your organization requires commit signoffs, you can make signing off a seamless part of the commit process by enabling compulsory commit signoffs for users committing through GitHub Enterprise Server's web interface. After you enable compulsory commit signoffs for an organization, every commit made to repositories in that organization through GitHub Enterprise Server's web interface will automatically be signed off on by the commit author.

People with admin access to a repository can also enable compulsory commit signoffs at the repository level. For more information, see "Managing the commit signoff policy for your repository."

Compulsory commit signoffs only apply to commits made via the web interface. For commits made via the Git command line interface, the commit author must sign off on the commit using the --signoff option. For more information, see the Git documentation.

You can determine whether a repository you are contributing to has compulsory commit signoffs enabled by checking the header of the commit form at the bottom of the file you are editing. After compulsory commit signoff has been enabled, the header will read "Sign off and commit changes."

Screenshot of the commit form in a repository. The title of the form is "Sign off and commit changes."

Before signing off on a commit, you should ensure that your commit is in compliance with the rules and licensing governing the repository you're committing to. The repository may use a sign off agreement, such as the Developer Certificate of Origin from the Linux Foundation. For more information, see the Developer Certificate of Origin.

Signing off on a commit differs from signing a commit. For more information about signing a commit, see "About commit signature verification."

Managing compulsory commit signoffs for your organization

  1. In the upper-right corner of GitHub Enterprise Server, select your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Next to the organization, click Settings.

  3. In the "Code, planning, and automation" section of the sidebar, select Repository, then click Repository defaults.

  4. Select or deselect Require contributors to sign off on web-based commits.