I've recently introduced Git within my company. Git allows users to set their user.name and user.email to whatever value they wish. For auditing reasons, I need to know with certainty which TFS/Active Directory user pushed commits to the TFS on-premise server repository. Does TFS store this information somewhere? Or should I introduce signed commits instead?
What you are looking for is "pushedBy" field. When the user set the user.name and user.email, the "author" and "committer" will use the user.name, but the "pushedBy" still uses the TFS/Active Directory name.
Two ways to check the pushedBy user: