Critical-risk tools in Git Steer
8 of the 83 tools in Git Steer are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
branch_reapDestructiveDelete stale or merged branches
-
config_remove_repoDestructiveRemove a repository from managed repos
-
fabric_cve_compactDestructive[git-fabric] Compact the CVE queue by removing resolved entries older than the retention period.
-
fabric_git_delete_branchDestructive[git-fabric] Delete a branch.
-
git_steer_branch_reapDestructiveDelete stale merged branches from a repository.
-
repo_archiveDestructiveArchive a repository
-
repo_deleteDestructivePermanently delete a repository. Requires confirmation.
-
repo_scrub_historyDestructivePurge sensitive files from all git history using git-filter-repo. Clones the repo as a mirror, removes specified paths from every commit, and force-pushes the rewritten history....
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.