Right now at this phase of project we are doing some POCs and kept our code in Azure DevOps Repository from where we trigger our CI/CD build and release pipelines. But the problem is the code from the Azure Repository can be downloaded anywhere (even on one’s own personal laptop) by the person who has access to Azure DevOps. We want that one should not be able to work with Azure DevOps Repository or Azure DevOps Git Repository from outside the company intranet. For that we need some solutions. We have been thinking on some options like 1) Having our codebase in GitHub Enterprise which will be installed and configured in an Azure VM. OR 2) Put IP address restrictions such that IP addresses which fall outside company intranet can’t access Azure DevOps at all.
Could anyone validate which option we should go for or suggest any better option if available. The option should also be cost effective. Will GHE be a better long term solution?