Driving Digital Transformation in Manufacturing with GitHub Advanced Security & Copilot

The business set out to gain a comprehensive understanding of the unique workflows and tasks across its diverse engineering teams to effectively pinpoint the most valuable use cases for GitHub Copilot. This involved a detailed exploration of how different teams could benefit from the tool as well as a thorough assessment of the potential return on investment (ROI) that could justify a more extensive deployment of the technology across the organization.

In addition to this, they needed to establish a strong foundational baseline for GitHub Advanced Security (GHAS). This baseline would be instrumental in ensuring that GHAS could be seamlessly integrated into existing workflows and fully leveraged alongside CodeQL, maximizing its impact on security practices throughout the engineering teams. By doing so, they aimed to not only improve security outcomes but also streamline and enhance development efficiency across the board.

Results and Impact 

Their CTO, tracked key metrics, revealing significant improvements: 

Time Saved:  

• 41% of developers saved 2-5 hours/week 
• 33% saved 1-2 hours/week 
• 17% saved 5-10 hours/week 
• 9% experienced minimal change 

72% reduction in dependency on online resources. 

SPACE Metrics: Activity increased from 10 to 30, PR count/day rose by 80%, code churn by 120%, cycle time decreased by 8%, merge time by 12%, and defects by 15%. 

The foundational configuration of GHAS was tailored to its unique, segmented structure, enhancing security and enabling proactive code scanning throughout the SDLC.  

Atmosera worked with several business units within the company to tackle differing levels of problems in these teams. Each team posed a unique challenge and the level of expertise needed within GHAS. The following was accomplished between the differing teams: 

• CodeQL Remediation: Worked with the team’s Security engineers to remediate failed CodeQL deployments. 
• Dependabot: Helped the team understand the use of dependabot and how it can benefit their coding practices. 
• Secret Scanning: Built the team a new process and technical approach to secret scanning utilizing GHAS  

Key Learnings 

The extended pilot demonstrated that GitHub Copilot can boost velocity, reduce bugs, and align saved bandwidth with program increments, transforming its development process. Developers reported significant productivity improvements, including time savings from generated suggestions and reduced context switching.  

A 25% efficiency gain was noted (beyond time saved) across its SDLC, translating to $140,000 saved per week with 800 developers. 

GHAS improved its security standards, allowing product teams to focus on development without security concerns. It saw teams that were originally failing to produce effective results with GHAS, now able to affect teams of up to 1000 developers efficiently.  

Without proper implementation of GitHub Advanced Security, it can create too much noise for teams to properly control. An iterative and thoughtful approach to implementation is required to not overload developers and create an environment they will engage in proactively.

Why Atmosera?

As a trusted GitHub and Microsoft Partner, Atmosera consistently delivers high-impact, cost-effective solutions tailored to its needs. By maintaining a close collaboration with the business, Atmosera is committed to supporting its future growth through strategic initiatives. These plans include scaling the deployment of GitHub Copilot, providing ongoing security consulting, and offering advanced Azure consulting services. Atmosera’s expertise extends to guiding it through migrations to Azure Kubernetes Service (AKS) and transitioning from AWS to Azure, ensuring seamless and efficient cloud transformations.