by silverfox17 1551 days ago
Are you saying that developers should improve their security by monitoring their own commits?

They should set up monitoring (email/Slack) for commits and merges to the prod/main/master branch, not their working branch, is what I meant. But yes, even for random branches, set up a pipeline that will notify you after whatever tests/checks.

Assume it is only a matter of time before at least one dev's machine or git creds/keys is compromised. This way, it serves as a layer of defense that notifies you of unauthorized modifications, which could be subtle enough to make it past any review or QA.
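One way to implement the branch monitor the reply describes, as an added example that is not from the comment's author: it parses `git log` output for the protected branch, reports every commit not seen on the previous run, and highlights commits from authors outside a team roster or pushed directly rather than via a merge. The `TRUSTED_AUTHORS` roster, the merge-only workflow heuristic and the sample log are assumptions; delivering the lines to email or Slack is left to the caller.

```python
"""Report new commits on a protected branch since the last check.

Feed it the output of (hypothetical invocation, run on a schedule or in CI):
  git log --format='%H%x09%P%x09%ae%x09%s' origin/main
plus the set of commit hashes already seen on the previous run.
"""
from dataclasses import dataclass

# Hypothetical team roster; in practice load it from config or an IdP export.
TRUSTED_AUTHORS = {"alice@example.com", "bob@example.com"}

@dataclass
class Commit:
    sha: str
    parents: list
    author: str
    subject: str

def parse_git_log(text):
    """Parse tab-separated lines: hash, space-separated parents, author email, subject."""
    commits = []
    for line in text.strip().splitlines():
        sha, parents, author, subject = line.split("\t", 3)
        commits.append(Commit(sha, parents.split(), author, subject))
    return commits

def new_commits(commits, seen):
    """Commits on the branch that were not present at the last check."""
    return [c for c in commits if c.sha not in seen]

def flag(commit):
    """Reasons a new commit deserves a closer look (assumes a merge-only workflow)."""
    reasons = []
    if commit.author not in TRUSTED_AUTHORS:
        reasons.append("author not on team roster")
    if len(commit.parents) < 2:
        reasons.append("direct push, not a merge commit")
    return reasons

def build_alert(commits, seen):
    """Return one notification line per new commit, flagged where suspicious."""
    lines = []
    for c in new_commits(commits, seen):
        reasons = flag(c)
        status = "ATTENTION: " + "; ".join(reasons) if reasons else "ok"
        lines.append(f"{c.sha[:10]} {c.author} '{c.subject}' [{status}]")
    return lines

# Constructed sample log (abbreviated hashes): two known commits and a new direct push.
SAMPLE_LOG = """\
c0ffee0001\tbeef000002\tmallory@example.net\tFix typo in auth helper
beef000002\tfeed000003 face000004\talice@example.com\tMerge branch 'feature/login'
feed000003\t\tbob@example.com\tInitial import
"""
SEEN = {"beef000002", "feed000003"}

if __name__ == "__main__":
    for line in build_alert(parse_git_log(SAMPLE_LOG), SEEN):
        print(line)
```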