How do you protect production code?

We have a peer review (PR) process in place. The PR process requires code to be reviewed by a senior reviewer or code owner before being merged into production. We also use GitHub Dependabot to ensure we are not errantly introducing insecure libraries to our development repositories.