GitHub force-push to sensitive branch

Raydium's assessment for RD-F-108 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cat 6B signal (v1-deferred). Raydium has active public GitHub repos: raydium-io/raydium-amm (last commit 2026-04-15), raydium-io/raydium-clmm, raydium-io/raydium-cp-swap. Force-push to main branches would be detectable via GitHub API events. No force-push or unauthorized sensitive-branch push events identified. Most recent activity includes Sec3 Q2 2026 CLMM audit-covered development cycle. All repos are under raydium-io org with expected protected branch policies. GitHub security.md present (data cache: security_md_present: true). No anomalous repo events detected.

Sources #

GitHub
raydium-io/raydium-amm — GitHubraydium-io/raydium-amm: last commit 2026-04-15; no force-push events identifiedretrieved 2026-04-29
GitHub
raydium-io GitHub Organizationraydium-io org: active development across AMM, CLMM, CPMM repos; Sec3 Q2 2026 CLMM audit covers recent changesretrieved 2026-04-29

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol raydium factor RD-F-108 score not_assessed collected_at 2026-04-29 12:31:55