Git reference without commit SHA
AI security governance · MCP security
Severity
medium
What it is
A Git URL references a branch or tag instead of a full commit SHA, which can be force-pushed.
How Igris detects it
Igris's Version Pinning Checker flags this during MCP security scans of your configuration.
References
Related MCP security rules
Secure your AI estate with Igris