GitHub force-push to sensitive branch

Stake DAO's assessment for RD-F-108 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 v2-deferred signal. contracts-monorepo is public (github_private = false per data cache). Last commit 2026-05-13. No GitHub security advisory or force-push incident detected in public data. Active development (2,190 commits per profile). GitHub webhook monitoring pipeline not implemented for production. Signal cannot be assessed in live mode without a GitHub API webhook subscription.

Sources #

GitHub
stake-dao/contracts-monorepo | GitHubstake-dao/contracts-monorepo — last commit 2026-05-13; public repo; no force-push incident detectedretrieved 2026-05-16

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stake-dao factor RD-F-108 score gray collected_at 2026-05-16 12:29:20