And by you, githubreportcard, and by all of your devs, etc, etc. I'm no lawyer, but I have a feeling this is what some of those NDAs were talking about.
Sure, but GitHub and all their devs have access to your private repos too. If that doesn't violate the NDA, I'm not sure why GHRC would violate it either unless they've been granted a special exception.
The company put the code on GitHub, and the company has the rights to do so. The developer who signed the NDA doesn't have the rights to do that. And if the code was actually stored elsewhere and the developer decided to create their own private repo and upload the code there, that would be a violation of the NDA.