A pull request (PR, also called merge request in GitLab) is a mechanism in version control systems where a developer proposes code changes for integration into the main branch. Before merging, at least one other person reviews the code. Pull requests are a central tool in secure software development because they enforce four-eyes review for every code change. ISO 27001 Annex A.8.25 and A.8.32 require secure development practices and change management. Your development guidelines should define how many reviewers a PR requires and which automated checks (linting, tests, SAST) must pass before merging.