quality_assurance · manufacturing · workflow

General Motors consolidates 150,000 repositories and deploys GitHub Copilot to accelerate secure software delivery at scale

GM's developer ecosystem was fragmented across more than 40 tools, creating friction for developers, slowing the development process, and making it difficult to enforce consistent security policies across 150,000 repositories and nearly 20,000 developers.

How it works
Common implementation structure
How this type of workflow is generally built, generalized across documented cases — not tied to any one vendor's stack. Click any stage to read what happens there. Specific products that implement these stages appear in “Tools commonly seen” below.
Stage 1 · Fragmented toolchain identified
GM's developer ecosystem, fragmented across more than 40 tools, created friction for developers and slowed the entire development process.
Tools used
GitHub Enterprise CloudGitHub Advanced SecurityGitHub CopilotGitHub ActionsCodeQLCopilot AutofixCopilot Coding AgentCopilot Code ReviewVS CodeVisual StudioJetBrains suite
Outcome

GM unified 99% of its source code on GitHub Enterprise Cloud, cut a critical build from four to six hours to 27 minutes, remediated 100% of leaked secrets, and enabled over 8,000 developers to use GitHub Copilot, delivering significant annual savings and allowing engineers to focus on meaningful work.

What failed first

On-premises infrastructure imposed lengthy build queues with non-elastic shared runners that caused cross-team instability and build failures. The Log4j vulnerability exposed the risk of fragmented security tooling, and initial scans surfaced more than 22,000 exposed secrets and over 1.2 million potential vulnerabilities.

Results
Time savedfour to six hours reduced to 27 minutes
Volumemore than 22,000
Source

https://github.com/customer-stories/general-motors

How we source this →

Grounding & classification
Source type: vendor customer story
44 fields verified against source quotes.
anomaly detectioncode generationdocument aisummarizationcode diff prknowledge basefailure mode describedhuman review describedmetric backednamed customerproduction runtime claimedtools describedworkflow describedautomotivecycle time reductionemployee productivityerror reductiontime savedvendor customer storyback office opscompliance monitoringquality assuranceai draft human approvalautonomous resolution