What are the IATF requirements and/or industry standard for storing source code files? For example, I was "told" that using external web-based storage sites such as GIT are not good practice for automotive industry. What are the big automotive companies doing for this?
Basically, they do not define as good practice using external web-based storage sites such as GIT, which provides you implement security measures to ensure only authorized personnel can have access to the code, like access control, cryptography, etc. Considering ISO 27001, the leading ISO standard for information security, you should perform a risk assessment to identify if these controls are enough to provide the security you want in this scenario (for example, for basic applications, such controls may be enough, but for more sensitive applications you should be considering not using this approach).