GitHub force-push to sensitive branch
Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-108 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No force-push or unauthorized push to sensitive branches (main/master) detected in sushiswap/v2-core, sushiswap/v3-core, or sushi-labs/sushiswap repos as of 2026-05-17. sushi-labs/sushiswap security tab shows no published security advisories. GitHub monitoring requires permissioned webhook access (T-09 v2-deferred gating work). Assessment based on public GitHub activity review.
Sources #
- GitHubsushi-labs/sushiswap Security — GitHubsushi-labs/sushiswap security — no published advisories; no force-push events in recent public activityretrieved 2026-05-17
Methodology #
Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.
See the full factor methodology and distribution across all protocols →