Serverless currently vulnerable to Arbitrary File Write

How big companies are dealing with such a case? At my company, we have a mandatory audit step in the CI. Of course, one can still bypass it by dropping the step in order to deploy but I'm curious to know how others deal with that.