From d93a919a26aa27566c990c568cad88499def0852 Mon Sep 17 00:00:00 2001
From: Peter Evans <18365890+peter-evans@users.noreply.github.com>
Date: Mon, 12 Aug 2024 13:59:34 -0700
Subject: [PATCH] update docs

---
 docs/concepts-guidelines.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/concepts-guidelines.md b/docs/concepts-guidelines.md
index 163158f..a2b8a2b 100644
--- a/docs/concepts-guidelines.md
+++ b/docs/concepts-guidelines.md
@@ -284,6 +284,8 @@ GitHub App generated tokens are more secure than using a PAT because GitHub App
 
 ### Commit signing
 
+[Commit signature verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) is a feature where GitHub will mark signed commits as "verified" to give confidence that changes are from a trusted source. Some organizations require commit signing, and enforce it with branch protection rules.
+
 The action supports two methods to sign commits, [commit signature verification for bots](#commit-signature-verification-for-bots), and [GPG commit signature verification](#gpg-commit-signature-verification).
 
 #### Commit signature verification for bots