Merge remote-tracking branch 'origin/main'

Author: wurstbrot

CHANGELOG.md

@@ -1,3 +1,10 @@
+# [1.6.0](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/compare/v1.5.0...v1.6.0) (2023-11-10)
+
+
+### Features
+
+* Enhance signing description ([03f06cd](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/commit/03f06cd3f644f3603c52fbf7b34fefbf77825726))
+
 # [1.5.0](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/compare/v1.4.0...v1.5.0) (2023-11-10)
 
 

src/assets/YAML/generated/generated.yaml

@@ -185,16 +185,20 @@ Build and Deployment:
         or container images.
       measure: Digitally signing artifacts for all steps during the build and especially
         docker images, helps to ensure their integrity and authenticity.
-      description: "### Github\nYou need to be authenticated to perform a push to
-        a Github repository. Github doesn't check if the authenticated user and the
-        mail address in the commit corresponds. \nTo highlight to reviewers who performed
-        a commit, signing is needed.\nBe aware that github actions like [semantic-release-action](https://github.com/cycjimmy/semantic-release-action)
-        will not sign commits and will fail. You find an example working configuration
-        to use semantic release action together with [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action)
-        in the [workflow folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml)
-        of DSOMM.\nYou might want to utilize [Fine-grained personal access tokens](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/)
-        from your organization for a specific repository and put the Personal Access
-        Token (PAT) as secret into the project.\n"
+      description: "### GitHub Authentication and Commit Signing  \n  To perform a
+        push to a GitHub repository, you must be authenticated. It's important to
+        note that GitHub does not verify if the authenticated user's email address
+        matches the one in the commit.\n  To clearly identify the author of a commit
+        for reviewers, commit signing is recommended.\n\n  GitHub actions such as
+        [semantic-release-action](https://github.com/cycjimmy/semantic-release-action)
+        do not automatically sign commits and may encounter issues as a result.          \n\n
+        \ To address this, you can refer to a working configuration example in the
+        [workflow folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml)
+        of DSOMM, which demonstrates how to use semantic release action in conjunction
+        with [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action).\n
+        \ For added security, consider using [Fine-grained personal access tokens](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/)
+        provided by your organization for a specific repository. Store the Personal
+        Access Token (PAT) as a secret in your project.\n"
       difficultyOfImplementation:
         knowledge: 2
         time: 2