How do you securely manage your software if you’re a company with more than 90,000 employees selling over 60,000 products? Well, that’s 3M and that’s their challenge.

3M is synonymous with innovation, from its well-known Post-It® Notes to products used in a wide range of industries including health care, automotive and manufacturing. In its pursuit of innovation, the company is focused on how digital solutions can unlock the power of people, ideas, and science to reimagine what’s possible. 3M’s technology is contributing to sustainable development through social responsibility and economic progress. With teams focused on everything from industrial products to consumer goods, 3M has helped millions of customers in their manufacturing sites, industries, offices, homes, and daily lives for 120 years.

3M’s digital transformation is the result of a carefully coordinated alignment of business operations. The company has embraced an inner source approach–sharing code and collaborating across development teams. Historically, knowledge silos made sharing a challenge. Code was scattered across repositories that use popular, commercially available code repository systems.

To help support their transformation, 3M turned to GitHub. Tina Beamer, 3M IT Manager of Operations and Quality, is at the forefront of this innersource movement. Her team helps to standardize software development across 3M, which includes everything from health care devices to adhesives. “Software is at the core of many of our products at 3M. Therefore, we need all of our source code in one location, securely hosted with no risk of downtime,” explains Beamer. “Whether it’s 3M’s automotive, adhesive or health care products, all of these codebases live in GitHub.”

In addition to knowledge fragmentation, the use of disparate tools to store and manage code created inefficiencies and complicated CI/CD workflows because developers had to learn many different systems and frequently switch context in order to do their work. “With GitHub, we can collaborate better across our various environments,” said Beamer. “You don’t have to go out to a separate project management tool. You don’t have to go to a spreadsheet, or a Microsoft project, or into Jira. It’s all on GitHub. It’s made us more productive.”

As an example, standardizing on GitHub gives the 3M Health Care Business Group a central place to share code and manage secure DevOps pipelines. 3M uses GitHub to drive innersource initiatives within the company and eliminate duplicative efforts, tap the organization’s collective knowledge, and collaborate across teams to improve software. “Code sharing is fairly large at 3M,” explains 3M Cloud and Security Architect Paul Pottorff. “We have gone from nothing to almost 3,000 innersource repos.”

You don’t have to go out to a separate project management tool. You don’t have to go to a spreadsheet, or a Microsoft project, or into Jira. It’s all on GitHub. It’s made us more productive.

“Innersource helps our divisions accelerate time to market and accelerate digital product development,” explains Rob Fuchsteiner, 3M Director, Digital Product Center of Excellence, “The less friction we have in our development environment, the faster we can go. GitHub powers these pipelines and enables us to work so much faster.”

Another benefit to standardization is having a unified process framework. This means workflows can be automated to increase efficiency through tools like GitHub Actions. Using actions enables 3M to automate aspects of building, testing and deploying code right from GitHub with no need for context switching. “GitHub allows us to develop more stable and reliable applications at a faster cadence. Pipelines that function smoothly allow us to more quickly and securely deliver new features to our customers,” Pottorff says. “Since 2015, we’ve gone from 400 deployments in 60 days to 15,000.”

Security is another important focus at 3M. “GitHub is at the center of our shift left strategy,” Pottorff explains. “GitHub, along with GitHub Advanced Security allows us to seamlessly identify vulnerable dependencies, code and containers. We can then deliver that information through GitHub to developers and address security issues prior to the deployment of code in production environments.”

GitHub allows us to develop more stable and reliable applications at a faster cadence. Pipelines that function smoothly allow us to more quickly and securely deliver new features to our customers. Since 2015, we’ve gone from 400 deployments in 60 days to 15,000.

With GitHub, the ability of 3M developers to work collaboratively, investigate and address security issues has substantially improved. With Dependabot they have also seen improvement in their ability to identify and respond to vulnerabilities in software dependencies. Developers are presented with actionable data to quickly resolve dependency vulnerabilities. Security teams now have ready access through their GitHub enabled security roles to investigate and work directly with developers when exploits are discovered in popular libraries. “Dependabot is valuable for us because we have so many dependencies in our code,” Pottorff explains. “Using Dependabot and GitHub reporting features, we were able to quickly identify everywhere a recent code vulnerability was implemented and work directly with development teams to upgrade and mitigate vulnerabilities, easily updating remediation progress reports.”

All of these security tools have had an impact on the security culture of 3M. The company is now able to mobilize developers to take an active role in securing their code. “This has created a new expectation. Developers now consider things such as dependencies and security when filing pull requests,” Pottorff says. “There’s much more thought up front about what finds its way into the codebase. Developers don’t want our calls.”

The embrace of open source, standardized DevOps pipelines, and automated security protections resulted in an overall improvement not just in speed to market, but in quality of code and fostered more teamwork at 3M. 3M is currently in the process of migrating another large collection of code into GitHub, heavily using GitHub Professional Services and provided repo migration tools. GitHub has increased transparency and cooperation across their organization. “GitHub is not only bringing people together, but it is also accelerating our research and development and simplifying the way we do work globally,” Fuchsteiner said. “People are using GitHub to collaborate in a way that they never were able to do before.”