feat(lab3): SSH signing + gitleaks pre-commit + history rewrite practice

[StefFashka]

Goal

This PR delivers the completed Lab 3 assignment, covering SSH commit signing, secret scanning with gitleaks, and Git history hygiene practices. The work demonstrates signed commits, automated secret detection through pre-commit hooks, and practical experience with history rewriting and secret remediation.

Changes

• submissions/lab3.md — Final submission report with configuration outputs, verification evidence, gitleaks results, reflections, and bonus task documentation.
• .pre-commit-config.yaml — Pre-commit configuration integrating gitleaks and additional security checks.
• submissions/Pasted image 20260618172903.png - Supplement screenshot

Testing

Verified SSH commit signing, GitHub commit verification, and local secret scanning functionality.

1. SSH Commit Signing

git log --show-signature -1
# Output: Good "git" signature for <email>

2. GitHub Verification

• Confirmed that the latest commit displays the green Verified badge on GitHub.

3. Pre-commit + gitleaks

pre-commit install
# Output: pre-commit installed at .git/hooks/pre-commit

pre-commit run --all-files
# Failed due to existing repository files that did not pass all hooks.

pre-commit run
# Successfully executed hooks on staged files.

4. Secret Detection Test

git commit -m "test: should be blocked by gitleaks"
# Output: gitleaks blocked the commit and reported a github-pat finding

5. Bonus: History Rewrite

git log -p | grep -c 'ghp_'
# Before rewrite: 2
# After rewrite: 0

• Task 1 — SSH signing configured + Verified badge on commit
• Task 2 — .pre-commit-config.yaml + gitleaks demonstrably blocking
• Bonus — filter-repo rewrite practice documented

Artifacts & Screenshots

All required outputs, command results, configuration files, screenshots, and reflections are included in submissions/lab3.md.
If screenshoot doesn't appears - supplement screenshot can be found in submissions/Pasted image 20260618172903.png