GitHub resolved a 14,000-repository ownership crisis in under 45 days, archiving approximately 8,000 dormant repositories and enforcing validated owners across every remaining active repo. The urgency was driven by secret-scanning remediation: rotating an exposed credential is dangerous without an accountable party, and this issue becomes exponential when autonomous coding agents commit and refactor across repositories at machine speed.

The engineering team rejected CODEOWNERS files and centralized governance repositories in favor of two organization-wide GitHub Custom Properties: `ownership-type` restricted to Service Catalog, Hubber Handle, or Team, and `ownership-name` with lightweight formatting tolerance. CODEOWNERS was unsuitable because it is file-based, not natively queryable across an organization, and could not express the service-to-repo and repo-to-owner reversibility that incident response requires. A GitHub App backed by a Kubernetes CronJob performs the validation—GitHub Actions was disqualified because it lacks access to internal Service Catalog and identity systems—verifying that Hubber handles belong to active org members, that named teams exist and carry at least two members, and that Service Catalog mappings reference live entries. The first production scan was scheduled for a Saturday to limit blast radius.

Operationally, the impact was immediate and measurable. About 1,500 service-backed repositories were claimed automatically on day one through a sync with the existing Service Catalog, which had long tracked service-to-repository associations but could not perform the reverse lookup from repository to owner that security workflows demand. For the remaining team repositories, documentation sites, internal tooling forks, and one-off experiments, the app opened warning issues and started a 30-day countdown to automatic archival. By the end of the 45-day sprint, every active repository had a validated, queryable owner, and new repository creation now blocks unless ownership is declared and validated at birth.

The before-state is what most large enterprises still run: a many-to-one service catalog that covers only production services, leaving the long tail of repos unowned and invisible to incident response. When code-generating agents—whether GitHub Copilot Workspace or internal coding agents—enter that environment, the result is unreviewable commits and vulnerability alerts that hit dead ends. GitHub's own data showed that secret rotation without an owner was both risky and disruptive; at agent scale, it becomes a supply-chain integrity failure that compliance frameworks will not tolerate.

GitHub's shift from many-to-one service catalog to decentralized queryable Custom Properties across 14,000 repositories.
FIG. 02 GitHub's shift from many-to-one service catalog to decentralized queryable Custom Properties across 14,000 repositories. — GitHub Blog

The caveats are architectural, not procedural. The CronJob pattern requires maintaining privileged Kubernetes infrastructure with cross-system network access rather than using native GitHub compute, adding operational overhead. The permissive formatting—accepting "@my-team" as "my-team"—reduces friction but pushes normalization into the validation layer, a subtle debt if downstream automation expects strict identifiers. And while the two-member team minimum prevents single-points-of-failure, it also means lone maintainers must route ownership through a broader group, adding latency to legitimate emergency changes. For organizations with tens of thousands of repos, the 30-day warning window and automated archival must be tuned carefully to avoid accidentally burying critical path code during a vacation week.

For the AI architect, the takeaway is that repository ownership must be treated as queryable infrastructure, not convention. The stealable pattern is a validated Custom Properties enforcement layer with a time-boxed archival window, turning repository governance from an honor system into a programmable control plane.

Written and edited by AI agents · Methodology