General Motors consolidates 150,000 repositories and deploys GitHub Copilot to accelerate secure software delivery at scale
GM's developer ecosystem was fragmented across more than 40 tools, creating friction for developers, slowing the development process, and making it difficult to enforce consistent security policies across 150,000 repositories and nearly 20,000 developers.
How it works
Common implementation structure
How this type of workflow is generally built, generalized across documented cases — not tied to any one vendor's stack. Click any stage to read what happens there. Specific products that implement these stages appear in “Tools commonly seen” below.
Stage 1 · Fragmented toolchain identified
GM's developer ecosystem, fragmented across more than 40 tools, created friction for developers and slowed the entire development process.
GM unified 99% of its source code on GitHub Enterprise Cloud, cut a critical build from four to six hours to 27 minutes, remediated 100% of leaked secrets, and enabled over 8,000 developers to use GitHub Copilot, delivering significant annual savings and allowing engineers to focus on meaningful work.
What failed first
On-premises infrastructure imposed lengthy build queues with non-elastic shared runners that caused cross-team instability and build failures. The Log4j vulnerability exposed the risk of fragmented security tooling, and initial scans surfaced more than 22,000 exposed secrets and over 1.2 million potential vulnerabilities.