diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..4b78ccd3 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,19 @@ +## Goal +Describe the goal of this PR + +## Changes +- Change 1 +- Change 2 + +## Testing +Explain how this was tested + +## Artifacts & Screenshots +Attach screenshots or logs + +--- + +### Checklist +- [ ] Clear PR title +- [ ] Documentation updated if needed +- [ ] No secrets or large temporary files diff --git a/labs/commit_verified.png b/labs/commit_verified.png new file mode 100644 index 00000000..4088cee4 Binary files /dev/null and b/labs/commit_verified.png differ diff --git a/labs/removed_secret_not_blocked.png b/labs/removed_secret_not_blocked.png new file mode 100644 index 00000000..537c8b3a Binary files /dev/null and b/labs/removed_secret_not_blocked.png differ diff --git a/labs/secret_blocked.png b/labs/secret_blocked.png new file mode 100644 index 00000000..cbf1c60d Binary files /dev/null and b/labs/secret_blocked.png differ diff --git a/labs/ssh_added.png b/labs/ssh_added.png new file mode 100644 index 00000000..03c3c45c Binary files /dev/null and b/labs/ssh_added.png differ diff --git a/labs/submission3.md b/labs/submission3.md new file mode 100644 index 00000000..4add3710 --- /dev/null +++ b/labs/submission3.md 
@@ -0,0 +1,65 @@ +# Lab 3 — Secure Git + +## Task 1 — SSH Commit Signing + +### 1. Benefits of Commit Signing + +- Ensures authenticity of commits +- Protects against impersonation +- Ensures commit integrity +- Important in DevSecOps pipelines + +### 2. Evidence + +#### Command for Key Generation +```bash +ssh-keygen -t ed25519 -C "menshih.maksym@yandex.ru" +``` + +#### Git Config Output +```bash +git config --global gpg.format ssh +git config --global user.signingkey ~/.ssh/id_rsa.pub +``` + +#### Screenshots + +![SSH Key Added](ssh_added.png) +![Verified Badge](commit_verified.png) + + +### 3. Analysis + +Commit signing is critical in DevSecOps workflows because: +- CI/CD relies on trusted code +- Prevents supply chain attacks +- Ensures traceability +- Supports compliance + +## Task 2 — Pre-commit Secret Scanning + +### 1. Setup + +- Created `.git/hooks/pre-commit` +- Made executable +- Docker required + +### 2. Testing + +- Added fake AWS key +- Commit blocked +- Removed secret +- Commit allowed + +### 3. Analysis + +Automated secret scanning prevents incidents by: +- Preventing accidental leaks +- Stopping secrets before they enter history +- Reducing risk of credential compromise +- Supporting shift-left security + +### 4. Screenshots + +![File with secret blocked](secret_blocked.png) +![File without secret not blocked](removed_secret_not_blocked.png)
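Review bot: The checklist at the end of `.github/pull_request_template.md` has no item for signed commits, even though `labs/submission3.md` in this same patch sets up SSH commit signing and calls it important in DevSecOps pipelines. Consider adding a line such as `- [ ] Commits are signed and show as Verified` so the template asks for what the lab establishes.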
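Review bot: In `labs/submission3.md`, under "Git Config Output", `user.signingkey` is set to `~/.ssh/id_rsa.pub`, but the key generated in the block above is `-t ed25519`, which ssh-keygen writes to `~/.ssh/id_ed25519` by default, so as written the configured signing key is not the key that was generated. Point `user.signingkey` at the ed25519 public key, or state the non-default path that was chosen. The heading says "Output" while the block lists commands, so show the resulting values instead, including whether `commit.gpgsign` is enabled. In Task 2, the setup lists `.git/hooks/pre-commit` as created but the hook's contents are not in the submission, and files under `.git/hooks` are not versioned, so the scanning step cannot be reproduced from this patch. Include the script or the scanner command it runs.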