| ▲ | t0mas88 10 hours ago | |
But the attacker could just create a branch, merge request and then merge that? | ||
| ▲ | benoau 8 hours ago | parent | next [-] | |
They can't with git by itself, but if you're also signed in to GitHub or BitBucket's CLI with an account able to approve merges they could use those tools. | ||
| ▲ | x0x0 7 hours ago | parent | prev [-] | |
We require review on PRs before they can be merged. | ||