1 - Working for a company that does not store any of the data in house and handles software development in github, how would we apply cryptography?
We are not GitHub experts, so our recommendation to you is to consult GitHub staff to see how to apply cryptography to data at rest in your repositories. Maybe these links can provide some information:
2 - I understand you need certain processes to include encryption, but I don't quite see where I could use it.
You can use the results of risk assessment and identified applicable legal requirements (e.g., laws, regulations, and contracts), to build an understanding of where to apply cryptography.
For example, from a contract with a customer, you can identify a clause demanding that all codes developed for that customer must be encrypted, or the results of risk assessment demonstrate that a specific module represents a competitive advantage to your company, so keeping the confidentiality of that code through encryption can be a solution.