defirisk.co
rubric v1.7.0

GitHub force-push to sensitive branch

Jupiter Perpetual Exchange's assessment for RD-F-108 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GitHub force-push / sensitive-branch push signal. Jupiter Perps is closed-source — no public jup-ag/perps contract repository exists (185 jup-ag public repos searched; no perps source repo found). Without a public perps-specific repository, this signal cannot fire — there is no branch to monitor for force-push. Adjacent jup-ag repositories (SDKs, aggregator, IDL tools) are not the attack surface for this signal. Signal is structurally inapplicable to a closed-source Solana perps program.

Sources #

  • URL
    jup-ag GitHub Organizationjup-ag GitHub org — 185 public repositories; no perps contract source repository found.retrieved 2026-05-16

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter-perps factor RD-F-108 score not_applicable collected_at 2026-05-16 01:53:11