jerdthenerd | 2 years ago

Can someone, anyone, explain to me how this passes SOX scrutiny?

I have issues with business/product team even commenting on PRs because auditors have said that access to GitHub=Access to Codebase.

There are a select few people I would consider granting access to code within our product teams, but without "segregation of duties" clearly defined, I don't think it would fly.
