Introduction
You can sign commits locally using GPG or S/MIME. In Git versions 2.0.0 and above, you can configure your Git client to sign commits by default for a local repository. To sign an individual commit, pass -S:
git commit -S -m "your commit message"
GPG Auto Sign
# Set a gpg key for git:
git config --global user.signingkey your_key_id
# To sign a single commit:
git commit -S -a -m "Test a signed commit"
# Auto-sign all commits globally
git config --global commit.gpgsign true
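If you do not want to sign local commits because you rebase a lot, use the following to auto-sign only the commits that you push out. This setting makes git push behave as if --signed were given, so with the value true the push fails when the server does not support signed pushes: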
git config --global push.gpgSign true
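To check that the settings above took effect, the following added example (not part of the original page; the function names are assumptions) reports a repository's signing configuration and lists commits that carry no signature, using Git's %G? format placeholder.

```bash
#!/usr/bin/env bash
# Added example: audit a repository for the signing settings described above.
# Function names are assumptions made for this example.

# Print "key=value" for each signing-related setting; "unset" when missing.
signing_config() {
    local repo=$1 key
    for key in user.signingkey commit.gpgsign push.gpgSign; do
        printf '%s=%s\n' "$key" \
            "$(git -C "$repo" config --get "$key" || echo unset)"
    done
}

# Succeed only when a signing key is set and commit.gpgsign is true.
signing_enabled() {
    local repo=$1
    git -C "$repo" config --get user.signingkey >/dev/null || return 1
    [ "$(git -C "$repo" config --bool --get commit.gpgsign 2>/dev/null)" = true ]
}

# List commits in a revision range that have no signature at all.
# %G? prints N for "no signature" and G for a good signature.
unsigned_commits() {
    local repo=$1 range=${2:-HEAD}
    git -C "$repo" log --format='%G? %h %s' "$range" | awk '$1 == "N"'
}
```

Source the file, then run `signing_config .` and `unsigned_commits . origin/main..HEAD` before pushing; the range shown is only an illustration.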
Reference
https://gist.github.com/mort3za/ad545d47dd2b54970c102fe39912f305 - Auto sign your git commits
https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/signing-commits - Signing commits