General Motors consolidates 150,000 repositories and deploys GitHub Copilot to accelerate secure software delivery at scale
GM's developer ecosystem was fragmented across more than 40 tools, creating friction for developers, slowing the development process, and making it difficult to enforce consistent security policies across 150,000 repositories and nearly 20,000 developers.
On-premises infrastructure imposed lengthy build queues with non-elastic shared runners that caused cross-team instability and build failures. The Log4j vulnerability exposed the risk of fragmented security tooling, and initial scans surfaced more than 22,000 exposed secrets and over 1.2 million potential vulnerabilities.
GM unified 99% of its source code on GitHub Enterprise Cloud, cut a critical build from four to six hours to 27 minutes, remediated 100% of leaked secrets, and enabled over 8,000 developers to use GitHub Copilot, delivering significant annual savings and allowing engineers to focus on meaningful work.
Show all 10 reported metrics
Frequently asked questions
What did this team achieve with this AI workflow?
GM unified 99% of its source code on GitHub Enterprise Cloud, cut a critical build from four to six hours to 27 minutes, remediated 100% of leaked secrets, and enabled over 8,000 developers to use GitHub Copilot, deli…
What tools did this team use?
GitHub Enterprise Cloud, GitHub Advanced Security, GitHub Copilot, GitHub Actions, CodeQL, Copilot Autofix, Copilot Coding Agent, Copilot Code Review, VS Code, Visual Studio.
What results were reported?
Annual savings: significant annual savings; Critical build time: four to six hours reduced to 27 minutes; Runner image provisioning time: months reduced to under three days; Exposed secrets discovered: more than 22,000 (source-reported, not independently verified).
What failed first in this deployment?
On-premises infrastructure imposed lengthy build queues with non-elastic shared runners that caused cross-team instability and build failures.
How is this quality assurance AI workflow structured?
Fragmented toolchain identified → Migrate to GitHub Enterprise Cloud → Elastic runners via GitHub Actions → Automated security scanning → Copilot Autofix inline remediation → Copilot-assisted developer coding → Legacy code modernization → Copilot Code Review for PRs.