GitHub force-push to sensitive branch

Chainlink CCIP's assessment for RD-F-108 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Applicable — smartcontractkit/chainlink and smartcontractkit/ccip-owner-contracts are the code-bearing repos. No force-push or unauthorized sensitive-branch push reported in public GitHub activity. Last commit date: 2026-05-16 on smartcontractkit/chainlink-ccip per data cache. Chainlink is a large corporate engineering organization with ISO 27001 certification implying code-review and branch-protection controls. No unauthorized push events reported in public channels.

Sources #

URL
Chainlink Security CertificationsChainlink security certifications — ISO 27001 certification covering infrastructure, development, and security practicesretrieved 2026-05-16
GitHub
smartcontractkit/chainlink-ccip GitHubsmartcontractkit/chainlink-ccip — last commit 2026-05-16; active development; no force-push reportsretrieved 2026-05-16

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-108 score green collected_at 2026-05-16 01:55:09