Git repositories store valuable source code and are used to build applications that work with sensitive data. If an attacker was able to compromise a GitHub account with a vulnerable repository, they could push malicious commits straight to production. Signed commits help ensure that doesn’t happen.