Iin order to comply with SOC II we have to have an approval and review process for github repositories. This settings is available at https://github.com/invisible-tech/<REPO_NAME>/settings/branch_protection_rules/new where <REPO_NAME>

is the repository in question. The protection rule needs to require pull requests to make changes to the primary branch. We can override this to allow specific team members or groups to merge without reviews if we need to for operational reasons, but this should only be used for emergencies.

If the branch configuration is set appropriately it should look like this screenshot: