defirisk.co
rubric v1.7.0

GitHub force-push to sensitive branch

Symbiotic's assessment for RD-F-108 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GitHub force-push to sensitive branch requires live GitHub API monitoring. Core contracts are immutable post-deploy, so a force-push would affect future code not deployed bytecode. No force-push anomaly found in public OSINT. Signal requires live GitHub event subscription not yet wired up.

Sources #

  • GitHub
    Symbiotic core GitHubsymbioticfi/core — primary repo; monitoring status unknownretrieved 2026-05-16
  • Internal
    Symbiotic profile meta.research/protocols/symbiotic/00-profile.meta.json — immutable_core: trueretrieved 2026-05-16

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol symbiotic factor RD-F-108 score gray collected_at 2026-05-16 09:25:24