Restrict private repository code to be uploaded to public repository #31618
This is what's called an "insider attack", and it's important to understand there is no reliable technical measure against it. If you give someone access to your code (or other data) they can find a way to copy it. There are some ways to make it a little harder, but most of those make the work you want done harder, too. 😅 The main recourse you have is legal action, e.g. file a DMCA notice on the upload, or sue them. You should probably seek legal advice before doing any of it though.
I am saddened to share that I had proof-of-concept code being done by myself and my team. Our team collaborated using a private repository. Unfortunately, since we are still bootstrapped, during the ongoing struggle one of our team members decided to quit, leaving a scar on all of our faces by uploading our code to a public repository after quitting, and that too after 3 months.
I am looking for suggestions on what could be done to avoid such a breach in the future.
I am not sure, but possible solutions could be:
-> Have role-based access for developers, like clone, commit, delete, merge, but once I have cloned the repository on my local machine I can still log in to git with a different username and still upload the code to a different repo. So that sounds like not a good idea.
-> Keep track of my/the developer's IP address and block myself/the developer from uploading/committing to any public/private repository apart from the private repository the code was cloned from.
At the moment I could think of only these two ideas. Suggestions are welcome.