Your Git Log Is a Legal Document
In 2024, Orca Security sued Wiz and demanded their full git version control history. Orca wanted to see "when features and functions were added, modified, or altered, including through engineers' notes and comments." The court recognized git history as relevant evidence in a software IP dispute. It ordered production of commit logs tied to two specific features. That ruling should concern you. Your commits record author name, email, timestamp, and content hash. Git chains them together cryptographically, replicates them across clones, and makes them discoverable in litigation. You are building a legal record whether you intend to or not. You already use git as a development tool. It is also a chain of custody for intellectual property. And you are probably destroying yours. A Cryptographic Chain of Custody Every git commit stores five things: the content of the change, the author's name and email, the author's timestamp, the committer's name and email, and the committer's timestamp. That commit is hashed using SHA-1 (or SHA-256 in newer repositories), and the hash incorporates the hash of the parent commit. Change one byte anywhere in the chain and every subsequent hash changes. This is a Merkle DAG. The same data structure that makes blockchains tamper-evident. Your commit history is a cryptographic proof linking each change to all previous changes. Git records three layers of timestamps. AuthorDate is when the content was written. CommitterDate is when it was finalized into the repository. And the server-side push timestamp, recorded by GitHub or GitLab, marks when the remote received the data. That third timestamp is outside the developer's control. A clone is a full copy of the entire history. Your collaborators, CI runners, and backup systems each hold an independent replica. Forensics researchers call this "evidence proliferation." Tampering with one copy does nothing if fifty others exist unchanged. Under Federal Rules of Evidence 902(14), data verified throu