GitHub force-push to sensitive branch
Meteora's assessment for RD-F-108 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
MeteoraAg GitHub organization is active with last commit 2026-05-14 per data-cache. Core repos: MeteoraAg/dlmm-sdk, MeteoraAg/dynamic-bonding-curve, MeteoraAg/damm-v2, MeteoraAg/audits. No GitHub force-push incidents identified in public reporting. Direct GitHub API query for force-push events to sensitive branches requires authenticated access not available in this assessment. No security advisories flagged. Signal would require GitHub API monitoring pipeline per T-09 phase-2 spec.
Sources #
- GitHubMeteoraAg GitHub OrganizationMeteoraAg GitHub org: active development, last commit 2026-05-14 per data-cache; multiple active repos; no force-push or security advisory in public dataretrieved 2026-05-16
Methodology #
Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.
See the full factor methodology and distribution across all protocols →