by benoau 183 days ago
You can set up your repo to disable pushing directly to branches like main and require MFA to use the org admin account, so something malicious would need to push to a benign branch and separately be merged into the one that deploys come from.
2 comments

Pushing directly to main seems crazy - for anything that is remotely important I would use a pull request/merge request pattern
There's nothing wrong with pushing to main, as long as you don't blindly treat the head of the main branch as production-ready. It's a branch like any other; Git doesn't care what its name is.
Yea ofc I was implying that main is the branch that is pushed to production.
Depends on the use case of the repo.
But the attacker could just create a branch, merge request and then merge that?
They can't with git by itself, but if you're also signed in to GitHub's or Bitbucket's CLI with an account able to approve merges, they could use those tools.
We require review on PRs before they can be merged.
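Added example, not from anyone in this thread: an offline audit of the controls the comments describe (no direct pushes to the deploy branch, review required, admins not exempt), applied to a branch-protection object in the shape of GitHub's REST API response for `GET /repos/{owner}/{repo}/branches/{branch}/protection`. The two JSON documents are constructed samples; the field names are the API's, the baseline thresholds are this example's assumption.

```python
import json

# Constructed sample: review is required, but admins are exempt, stale
# reviews survive new pushes and force-pushes are allowed.
WEAK_PROTECTION = json.dumps({
    "required_pull_request_reviews": {
        "required_approving_review_count": 1,
        "dismiss_stale_reviews": False,
    },
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": False},
})

# Constructed sample: the corrected settings for a branch that deploys.
HARDENED_PROTECTION = json.dumps({
    "required_pull_request_reviews": {
        "required_approving_review_count": 1,
        "dismiss_stale_reviews": True,
    },
    "enforce_admins": {"enabled": True},
    "allow_force_pushes": {"enabled": False},
    "allow_deletions": {"enabled": False},
})


def audit_protection(protection_json: str, min_reviews: int = 1) -> list[str]:
    """Return findings for a branch-protection object; empty means baseline met."""
    p = json.loads(protection_json)
    findings = []
    reviews = p.get("required_pull_request_reviews")
    if reviews is None:
        findings.append("direct pushes allowed: no pull-request review requirement")
    else:
        count = reviews.get("required_approving_review_count", 0)
        if count < min_reviews:
            findings.append(f"only {count} approving review(s) required, want >= {min_reviews}")
        if not reviews.get("dismiss_stale_reviews", False):
            findings.append("approvals are not dismissed when new commits are pushed")
    if not p.get("enforce_admins", {}).get("enabled", False):
        findings.append("admins exempt: an admin account can merge without review")
    if p.get("allow_force_pushes", {}).get("enabled", False):
        findings.append("force pushes allowed: branch history can be rewritten")
    if p.get("allow_deletions", {}).get("enabled", False):
        findings.append("branch deletion allowed")
    return findings


if __name__ == "__main__":
    for finding in audit_protection(WEAK_PROTECTION):
        print("FINDING:", finding)
```

A repository with no protection at all returns HTTP 404 from that endpoint rather than an empty object, so treat a missing response as the worst case before running the audit.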