In this section we define the threats that could affect the organization security posture, and define the controls that can be used to mitigate them. We also show how to configure these controls in the GitArmor policy. Each threat is linked to the SLSA.dev threat model and the MS DevOps threat matrix.
An unauthorized actor could gain access to the organization repositories and exfiltrate sensitive data or inject malicious code.