Right. At a previous place we migrated from Github to Gitlab, but we have to keep the GH repo for the merge request, approvals and paper trial. This for PCI and SOC2 auditing.
Someone didn't understand compliance. To have painted yourself into that tight of a corner is just bad policy. I've been involved in half a dozen SOC2 programs and can't imagine how I'd actually be able to create that problem.
That's interesting. Was Github Enterprise too expensive or was there another reason you didn't use it? What advantage did partially moving to Gitlab bring? This question is coming from a genuine place of curiosity, in case that's not coming across via text.