diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..8c116ef4 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,15 @@ +## Goal +what we did here + +## Changes +- change +- change +- change + +## Testing +How was it verified + +## Checklist +- [ ] Clear, descriptive PR title +- [ ] Documentation updated +- [ ] No secrets or large temporary files committed \ No newline at end of file diff --git a/labs/screenshots/verified_commit.png b/labs/screenshots/verified_commit.png new file mode 100644 index 00000000..c6211942 Binary files /dev/null and b/labs/screenshots/verified_commit.png differ diff --git a/labs/submission.md b/labs/submission.md new file mode 100644 index 00000000..cb9bfb0e --- /dev/null +++ b/labs/submission.md 
@@ -0,0 +1,20 @@ +# Lab 1 Submission - Introduction to DevOps & Git Workflow + +## Task 1 — SSH Commit Signature Verification + +### Benefits of Signing Commits +Signing commits provides cryptographic proof of the author's identity. It prevents malicious actors from impersonating developers and injecting malicious code under a trusted name. In a DevOps workflow, this is a cornerstone of supply chain security, ensuring that every change in the repository can be traced back to a verified entity. + +### "Why is commit signing important in DevOps workflows?" +In automated DevOps pipelines, verifying the authenticity of code is critical. If an attacker can push code that looks like it came from a lead developer, they could bypass manual scrutiny or trust-based automated checks. Signed commits effectively mitigate this risk by linking every commit to a private key held only by the authorized developer. It builds a chain of trust from the developer's machine to the production deployment. + +### Evidence of Setup +**Git Configuration:** +``` +user.signingkey=C:/Users/harne/.ssh/id_ed25519.pub +commit.gpgsign=true +gpg.format=ssh +``` + +**Verification Badge:** +![Verified commit screenshot](screenshots/verified_commit.png)
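Review bot: In .github/pull_request_template.md the file ends without a trailing newline (the "\ No newline at end of file" marker after the last checklist item); add one so later edits to the template do not show a spurious change on that line. The placeholder lines "what we did here" and "How was it verified" are plain text and will appear in every PR description unless the author deletes them; wrapping them in HTML comments keeps the guidance out of the rendered PR. The "No secrets or large temporary files committed" checkbox relies on the author's own check, so the template could say how that is expected to be verified.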
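Review bot: In labs/submission.md the "Evidence of Setup" block shows only the signing side (user.signingkey, commit.gpgsign=true, gpg.format=ssh), while the two sections above it claim that signing "prevents" impersonation and that every change "can be traced back to a verified entity". Neither holds unless signatures are checked and unsigned commits are rejected, so the text should state that condition, and the evidence should include a verification step, for example the output of git log --show-signature -1 with gpg.ssh.allowedSignersFile configured, alongside the screenshot. The user.signingkey value is an absolute path containing the local Windows username; ~/.ssh/id_ed25519.pub would avoid publishing it. The heading '### "Why is commit signing important in DevOps workflows?"' keeps the quotation marks from the assignment prompt, which can be dropped.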