But the attacker could just create a branch, merge request and then merge that?
They can't with git by itself, but if you're also signed in to GitHub's or Bitbucket's CLI with an account able to approve merges, they could use those tools.
We require review on PRs before they can be merged.