This tool would be great for making sure that unauthorized users are not changing the supply chain for users of git. But what this won’t do is solve the problem of authorized users intentionally breaking software. A solution for that would be for you to audit what software you are including and not mindlessly update software. It would also help to check hashes of what you are pulling from an external source, or even to host a package repository yourself.