You can enable vigilant mode for commit signature verification to mark all of your commits and tags with a signature verification status.| GitHub Docs
If you don't have an existing GPG key, you can generate a new GPG key to use for signing commits and tags.| GitHub Docs