Professional Documents
Culture Documents
NOVEMBER 2022
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation
outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their
priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit
forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best
available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester
Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their
respective companies. For additional information, go to forrester.com.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY
Executive Summary
Organizations are under increasing pressure to produce secure, defect-free code. The
environment is often a patchwork of open source tools from different vendors connected
by homegrown code. Moving code between different tools can lead to code defects.
Remediating defects is very costly and can threaten an organization's reputation. GitHub
Enterprise Cloud and Advanced Security solve this by providing a single uniform platform
for developing secure code at all phases of the software development life cycle.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 1
EXECUTIVE SUMMARY
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 2
EXECUTIVE SUMMARY
composite organization save time preparing for • Customer satisfaction. With fewer defects in its
audits, and it is able to cut the time auditors software code, the composite organization sees
spend preparing for audits in half, resulting in less application downtime, while faster mean time
savings of $2.7 million. to remediation (MTTR) for problems that still
make it into production increases application
• Savings from retiring legacy development
uptime and overall customer satisfaction.
tools. GitHub Enterprise Cloud, Actions, and
Advanced Security perform most of the • Better collaboration between teams. GitHub
centralized tasks that legacy open source tools Enterprise Cloud enables the development team
perform, eliminating the need for these tools and to centralize the enterprise code base, making it
reducing the friction caused by moving code easier for developers in different departments to
between the remaining tools with standard share best practices with the organization. For
application programming interfaces (APIs). the security teams, GitHub Advanced Security
Standardizing GitHub Enterprise Cloud and allows the organization to dynamically manage
Advanced Security allows the composite and react to security threats with a unified
organization to eliminate centralized legacy tools security posture. The composite organization
and the hardware that supports them. The experiences enhanced collaboration among
composite organization realizes a total cost of developers across regions and teams.
ownership savings of $811,900.
Costs. Three-year, risk-adjusted PV costs for the
composite organization include:
Unquantified benefits. Benefits that provide value The financial analysis which is based on the
for the composite organization but are not quantified interviews and survey found that a composite
for this study include: organization experiences benefits of $168.42 million
over three years versus costs of $31.63 million,
• Employee satisfaction. The use of GitHub adding up to a net present value (NPV) of $136.80
saves the composite organization's staff time and million and an ROI of 433%.
energy, and it allows them to spend more time on
productive activities. This increases employee
satisfaction and retention of highly skilled
resources in several IT departments.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 3
EXECUTIVE SUMMARY
Benefits (Three-Year)
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 4
EXECUTIVE SUMMARY
The objective of the framework is to identify the cost, INTERVIEWS AND SURVEY
benefit, flexibility, and risk factors that affect the Interviewed four representatives and surveyed
investment decision. Forrester took a multistep 147 respondents at organizations using GitHub
approach to evaluate the impact that GitHub can Enterprise Cloud and Advanced Security to
have on an organization. obtain data with respect to costs, benefits, and
risks.
COMPOSITE ORGANIZATION
Designed a composite organization based on
characteristics of the interviewees and survey
respondents.
GitHub reviewed and provided feedback to Forrester, but flexibility, and risks. Given the increasing
Forrester maintains editorial control over the study and its sophistication of ROI analyses related to IT
findings and does not accept changes to the study that
investments, Forrester's TEI methodology
contradict Forrester’s findings or obscure the meaning of
the study. provides a complete picture of the total
GitHub provided the customer names for the interviews economic impact of purchase decisions. Please
but did not participate in the interviews. see Appendix A for additional information on the
Forrester fielded the double-blind survey using a third- TEI methodology.
party survey partner.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 5
The GitHub Enterprise Cloud & Advanced Security Customer Journey
Drivers leading to the investment in GitHub Enterprise Cloud and Advanced Security
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 6
THE GITHUB ENTERPRISE CLOUD & ADVANCED SECURITY CUSTOMER JOURNEY
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 7
THE GITHUB ENTERPRISE CLOUD & ADVANCED SECURITY CUSTOMER JOURNEY
SOLUTION REQUIREMENTS
Investment objectives. The interviewees'
organizations were determined to reduce the “We were not in a good place from a
frequency of security vulnerabilities getting into
security perspective before GitHub. We
did not have uniform ways for
production and speed up releasing software products
vulnerability dependency management.
to market. They searched for a solution that could:
We did not have uniform ways of
• Reduce the number of security flaws. managing software vulnerability. We
would do vulnerability management at the
• Better protect intellectual property.
infrastructure layer.”
• Increase developer productivity.
Engineering director, financial consulting
• Reduce the number of software defects.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 8
THE GITHUB ENTERPRISE CLOUD & ADVANCED SECURITY CUSTOMER JOURNEY
COMPOSITE ORGANIZATION
Based on the interviews and survey, Forrester
constructed a TEI framework, a composite company, Key Assumptions
and an ROI analysis that illustrates the areas
• Global operations with central
financially affected. The composite organization is
data center
representative of the four interviewees and the 147
survey respondents, and it is used to present the • GitHub Enterprise Cloud and
aggregate financial analysis in the next section. The Advanced Security deployed in
composite organization has the following the cloud
characteristics: • 7,000 GitHub users in Year 1,
Description of composite. The composite adding 500 users per year
organization is a consulting enterprise with 120,000 • 20,000 code repositories
employees and 7,000 developers, growing at 500 per
year. It has global operations and a central data
• Uses GitHub Codespaces,
center.
Actions, Dependabot, and
Discussions
Deployment characteristics. The composite
• Testing GitHub Copilot
organization deploys GitHub Enterprise Cloud in the
cloud, it uses GitHub Advanced Security, Actions,
Codespaces, Discussions, and Pages, and it is
testing Copilot. The development team manages
20,000 code repositories and $100,000 in legacy
hardware. It has used GitHub for five years.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 9
Analysis Of Benefits
Quantified benefit data as applied to the composite
Total Benefits
Ref. Benefit Year 1 Year 2 Year 3 Total Present Value
Increased developer
Atr $36,893,961 $65,965,185 $77,484,479 $180,343,625 $146,271,882
productivity
Reduced need to support
Btr local legacy and open source $1,356,395 $2,910,229 $4,661,500 $8,928,124 $7,140,488
tools
Efficiencies from fewer code
Ctr $1,957,950 $2,100,450 $2,242,950 $6,301,350 $5,201,025
defects and vulnerabilities
Reduced developer
Dtr onboarding training time $714,000 $1,530,000 $1,734,000 $3,978,000 $3,216,334
through automation
Improved DevOps and site
Etr $876,096 $1,314,144 $1,642,680 $3,832,920 $3,116,690
reliability engineer efficiency
Time savings on IT audit
Ftr $1,071,000 $1,071,000 $1,071,000 $3,213,000 $2,663,418
preparation
Savings from retiring legacy
Gtr $237,500 $332,500 $427,500 $997,500 $811,890
development tools
BENEFITS BY CATEGORY
Time savings on IT audit preparation, $2.7 million Savings from retiring legacy development
tools, $811,900
Improved DevOps and site reliability
engineer efficiency, $3.1 million
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 10
ANALYSIS OF BENEFITS
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 11
ANALYSIS OF BENEFITS
• A developer working 2,080 hours a year spends • The utilization of GitHub Advanced Security.
75% of that time on software development tasks.
• The level of democratization of access to code
Of these 1,560 hours, 85% (1,326 hours) are
throughout the organization.
spent coding, scanning, and on rework.
• The number of legacy tools in production.
• After implementing GitHub Enterprise Cloud and
Advanced Security, the composite organization
sees productivity gains of 12% in Year 1. The
initial investment in creating templates and “Dependabot opens an issue, for
workflows by DevOps and DevSecOps example: for dependency bugs. Earlier, it
contributes to accumulative productivity gains of was an infinite wait time because it wasn’t
20% in Year 2 and 22% in Year 3. being addressed. Now, it goes from
infinite to essentially addressable as soon
• The composite organization sees a 50% as the developer can get to it. So, the ROI
productivity recapture rate. there is huge.”
Risks. The benefit can vary by organization due to Director of architecture, telecom
the following factors:
A2 Hourly fully loaded cost of a developer FTE TEI standard $75 $75 $75
A3 Hours worked on coding, scanning and rework Composite 1,326 1,326 1,326
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 12
ANALYSIS OF BENEFITS
REDUCED NEED TO SUPPORT LOCAL LEGACY • Of the 6,870 software developers, 10% (687
AND OPEN SOURCE TOOLS developers) are assigned to managing distributed
Evidence and data. Before implementing GitHub, legacy applications. They spend 15% (234 hours)
each of the organizations' developer teams would of their productive time managing the local server
determine the tools they used to create code. There and legacy software.
was little coordination on tool selection between • The fully loaded hourly cost of a developer FTE is
teams. Because of the decentralization, the DevOps $75.
and DevSecOps teams were not able to support
these diverse systems. Each developer team would • After implementing GitHub Enterprise Cloud and
have to assign a developer as the local DevOps Advanced Security, the composite organization
person responsible for maintaining the local toolset phases out the maintenance of legacy tools and
and infrastructure. This resource would perform all saves 25% on maintenance labor in Year 1, 50%
the functions that the centralized DevOps team would in Year 2, and 75% in Year 3.
perform but without the institutional knowledge base • The composite organization sees a 50%
of the data center. This developer also became a productivity recapture rate.
bottleneck should an incident occur within the local
development environment.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 13
ANALYSIS OF BENEFITS
B2 Hours spent on local operations per developer (annually) Composite 234 234 234
B3 Productivity gains from fewer legacy tools requiring maintenance Interviews 25% 50% 75%
B4 Hourly fully loaded cost of a developer FTE TEI standard $75 $75 $75
Bt Reduced need to support local legacy and open source tools B1*B2*B3*B4*B5 $1,507,106 $3,233,588 $5,179,444
Reduced need to support local legacy and open source tools (risk-
Btr $1,356,395 $2,910,229 $4,661,500
adjusted)
EFFICIENCIES FROM FEWER CODE DEFECTS and reduced the time developers spent
AND VULNERABILITIES troubleshooting defects.
Evidence and data. Interviewees reported that Interviewees' organizations reduced the number of
without automation in their organization's CI/CD bugs developers created, eliminating tens of
environment, software defects and security thousands of hours per year in remediation time. The
vulnerabilities made it far into the SDLC before being director of architecture at the telecom firm said:
detected. In many cases, the exposures were not "Previously, it took two developers on average a
discovered until the infrastructure layer. week — or 80 hours — to address an issue. Now, it
After implementing GitHub Enterprise Cloud and takes them 6 hours altogether. So, that's a big drop
Advanced Security and utilizing Actions, there [and] a pretty significant improvement."
Codespaces, Dependabot, and GitHub's secret Survey participants noted the following reduction of
scanning capability, the number of issues was security flaws in their organizations due to GitHub:
drastically reduced. A director of architecture at a
telecom firm said: "When we turned on Advanced
Security, we immediately found about 15,000 known
issues, and we've cut that down to about 5,000. So, it
led to pretty rapid attention to things that were largely
unknown previously."
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 14
ANALYSIS OF BENEFITS
Modeling and assumptions. Based on the GitHub • The effective use of the GitHub solution stack in
customer interviews, Forrester estimates the implementing automation in the CI/CD
following about the composite organization: environment.
• The composite organization's 6,870 developers • The number of legacy open source tools.
finds an average of 38,667 code defects per
year.
C1 Number of software bugs and vulnerabilities reduced (annually) Composite 6,870 7,370 7,870
C3 Hourly fully loaded cost of a developer FTE TEI standard $75 $75 $75
Ct Efficiencies from fewer code defects and vulnerabilities C1*C2*C3*C4 $2,061,000 $2,211,000 $2,361,000
Ctr Efficiencies from fewer code defects and vulnerabilities (risk-adjusted) $1,957,950 $2,100,450 $2,242,950
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 15
ANALYSIS OF BENEFITS
• GitHub Actions (through automated workflows) • The fully loaded hourly cost of a developer FTE is
and Codespaces (through templates) eliminated $75.
mundane coding tasks, further reducing the
• Each new developer previously required ten days
number of things new developers needed to
(80 hours) of training.
learn. They were able to contribute within days.
• Developer training time is reduced from 10 days
• Since new developers typically generate more
to two days (16 hours), which is a reduction of 64
code defects, GitHub Advanced Security and
hours per new hire.
Dependabot proved helpful because they helped
to catch coding errors and security vulnerabilities • The composite organization sees a 50%
early. This automation further reduced the time productivity recapture rate.
needed to train developers on best coding Risks. The benefit can vary by organization due to
practices. the following factors:
• GitHub Actions and Codespaces indirectly taught • The skill level of the new-hire developers.
junior developers best practices by identifying
poor coding practices. • The complexity of the development environment.
• GitHub Discussions, a forum for sharing ideas, • The effective implementation of automated
allowed new developers to ask questions of more workflows in GitHub.
senior developers, share best practices, and Results. To account for these risks, Forrester
become part of the developer community from adjusted this benefit downward by 15%, yielding a
Day 1. three-year, risk-adjusted total PV (discounted at 10%)
of more than $3.2 million.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 16
ANALYSIS OF BENEFITS
D2 Hourly fully loaded cost of a developer FTE TEI standard $75 $75 $75
Dt Reduced developer onboarding training time through automation D1*D2*D3*D4 $840,000 $1,800,000 $2,040,000
GitHub Actions, Codespaces, and Advanced Security Survey participants noted the following productivity
reduced the time DevOps and DevSecOps teams improvements:
spent managing the centralized developer
environment by creating templates and workflows.
The standardization and automation also reduced the
number of software defects and security flaws
DevOps and DevSecOps needed to remediate.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 17
ANALYSIS OF BENEFITS
Modeling and assumptions. Based on the GitHub • The effective implementation of templates and
customer interviews, Forrester estimates the automated workflows in GitHub.
following about the composite organization:
• The number of legacy open source tools.
• The composite organization employs 80 DevOps
FTEs and 50 DevSecOps FTEs.
• The fully loaded hourly costs of a DevOps and “We are working together with virtually
DevSecOps FTE is $75. thousands of other software suppliers,
• Of the 2,080 hours worked in a year, 75% of the
and every big supplier also has a stake in
supplying software to us. We totally lost
time (1,560 hours) is spent managing operations,
grasp of the source code, so one of the
code quality, production rollouts, CI/CD, etc.
driving forces and main benefits of
• DevOps and DevSecOps reduce the time spent GitHub is that we can keep control of our
on managing operations and remediating issues source code.”
by 8% in Year 1, 12% in Year 2, and 15% in Year
3. Deputy lead of dynamic platforms,
automotive manufacturing
• The composite organization sees an 80%
productivity recapture rate.
E3 Hourly fully loaded cost of a DevSecOps FTE Composite $75 $75 $75
E4 Hours worked on code quality, production rollout, CI/CD Composite 1,560 1,560 1,560
Et Improved DevOps and site reliability engineer efficiency (E1+E2)*E3*E4*E5*E6 $973,440 $1,460,160 $1,825,200
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 18
ANALYSIS OF BENEFITS
TIME SAVINGS ON IT AUDIT PREPARATION documentation that lives on those GitHub Pages, and
Evidence and data. Interviewees said that before I've used that as evidence in audits."
using GitHub, their organizations had teams of Survey participants noted the following productivity
auditors that would gather documentation from the improvements:
decentralized environments. The nonstandard way of
performing SDLC tasks led to an effort to merge the
documentation from multiple repositories into a single
format that could be used for audit purposes. In many
cases, dedicated auditor teams worked full-time,
manually performing internal and external audits.
“We consider source code an important • The composite organization sees an 80%
asset and part of our intellectual property. productivity recapture rate.
So, one big driver to consider GitHub was
Risks. The benefit can vary by organization due to
our strategy to bring all source code
the following factors:
together to have everything documented
at one central location and to also have it • The number of auditors and the average hourly
under our control.” cost of audit FTEs.
Deputy lead of dynamic platform, • The types of audits performed.
automotive manufacturing
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 19
ANALYSIS OF BENEFITS
F3 Hourly fully loaded cost of an audit FTE Composite $45 $45 $45
F1*F2*F3*250
Ft Time savings on IT audit preparation $1,260,000 $1,260,000 $1,260,000
days*F4
SAVINGS FROM RETIRING LEGACY Survey participants noted the following productivity
DEVELOPMENT TOOLS improvements:
Evidence and data. The DevOps and DevSecOps
teams at the interviewees' organizations managed
centralized infrastructures for many legacy tools. By
standardizing GitHub Enterprise Cloud, many of
these servers were no longer needed and could be
decommissioned over time.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 20
ANALYSIS OF BENEFITS
Gtr Savings from retiring legacy development tools (risk-adjusted) $237,500 $332,500 $427,500
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 21
ANALYSIS OF BENEFITS
'parts warehouse' where developers can find part of a specific project (described in more detail in
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 22
Analysis Of Costs
Quantified cost data as applied to the composite
Total Costs
Ref. Cost Initial Year 1 Year 2 Year 3 Total Present Value
COSTS BY CATEGORY
$31.6 million
three-year total
costs PV
This section examines the costs incurred with licensing, setting up,
customizing, and managing the GitHub platform.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 23
ANALYSIS OF COSTS
Fees To GitHub
Ref. Metric Source Initial Year 1 Year 2 Year 3
H2 GitHub Enterprise Cloud license fees (monthly) GitHub $21 $21 $21
H3 GitHub Advanced Security license fees (monthly) GitHub $49 $49 $49
H5 GitHub Actions and Codespaces usage fees Interviews $84,000 $90,000 $96,000
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 24
ANALYSIS OF COSTS
Internal Costs
Ref. Metric Source Initial Year 1 Year 2 Year 3
I3 Hourly fully loaded cost of a DevOps FTE TEI standard $75 $75 $75 $75
I7 Hourly fully loaded cost of a FTE TEI standard $75 $75 $75 $75
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 25
Financial Summary
$140.0 M
$120.0 M
-$20.0 M
Initial Year 1 Year 2 Year 3
ROI 433%
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 26
Appendix A: Total Economic
Impact
Total Economic Impact is a methodology developed PRESENT VALUE (PV)
by Forrester Research that enhances a company's
The present or current value of
technology decision-making processes and assists
(discounted) cost and benefit estimates
vendors in communicating the value proposition of
given at an interest rate (the discount
their products and services to clients. The TEI
rate). The PV of costs and benefits feed
methodology helps companies demonstrate, justify,
into the total NPV of cash flows.
and realize the tangible value of IT initiatives to both
senior management and other key business
stakeholders.
NET PRESENT VALUE (NPV)
TOTAL ECONOMIC IMPACT APPROACH The present or current value of
Benefits represent the value delivered to the (discounted) future net cash flows given
business by the product. The TEI methodology an interest rate (the discount rate). A
places equal weight on the measure of benefits and positive project NPV normally indicates
the measure of costs, allowing for a full examination that the investment should be made,
of the effect of the technology on the entire unless other projects have higher NPVs.
organization.
Costs consider all expenses necessary to deliver the RETURN ON INVESTMENT (ROI)
proposed value, or benefits, of the product. The cost
A project’s expected return in percentage
category within TEI captures incremental costs over
terms. ROI is calculated by dividing net
the existing environment for ongoing costs
benefits (benefits less costs) by costs.
associated with the solution.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 27
Appendix B: Interview And Survey Demographics
Interviews
Deputy lead of dynamic platforms Automotive manufacturing $130 billion 22,000 globally (internal and external)
Survey Demographics
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 28
Appendix C: Endnotes
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company's
technology decision-making processes and assists vendors in communicating the value proposition of their
products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the
tangible value of IT initiatives to both senior management and other key business stakeholders.
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 29
THE TOTAL ECONOMIC IMPACT™ OF GITHUB ENTERPRISE CLOUD AND ADVANCED SECURITY 30