Choosing the Right GitHub for Your Team at UCSF

When people say “GitHub,” they often mean the public, open-source website www.github.com — where anyone can browse and contribute to millions of public code repositories.

But that’s not what we’re talking about here.

At UCSF, we offer two secure, enterprise-grade GitHub environments through our UCSF GitHub Enterprise Program — both designed to support your development work safely and effectively:

• GitHub Enterprise On-Premises – Hosted internally at UCSF (git.ucsf.edu)
• GitHub Enterprise Cloud – A private, UCSF-licensed version of GitHub Cloud (not public GitHub.com)

Both are free for all UCSF employees and affiliates and include enhanced security, compliance support, and integration with UCSF systems.

Understanding Sensitive Data: P3 & P4

Before choosing a platform, it’s critical to understand UCSF’s Data Classification Standard:

• P3 (Protected): e.g., internal research, unpublished data, employee records
• P4 (Restricted/Highly Sensitive): e.g., PHI, Social Security numbers, data governed by HIPAA or FERPA

If your work involves P3 or P4 data, you must choose a GitHub environment that meets UCSF’s strict security and privacy requirements.

Use GitHub Enterprise On-Prem (git.ucsf.edu) If:

• You need to store, access, or process P3 or P4 data
• Your project involves sensitive research, protected health information, or internal systems
• You want UCSF-hosted, firewalled access and tight administrative controls
• You need deep integration with internal UCSF tools like Jira or SonarQube

✅ UCSF GitHub Enterprise On-Prem is approved for storing P3 and P4 data, but always use caution. Every upload creates a new copy of sensitive data, and it’s your responsibility to ensure proper access and security controls.

Use GitHub Enterprise Cloud (UCSF Licensed) If:

• Your code does not contain P3 or P4 data
• You’re collaborating across and outside UCSF
• You prefer the scalability and modern UI/UX of GitHub Cloud
• You want access to plug and play features like GitHub Actions
• You want an easy, free way to manage non-sensitive projects with UCSF support

💡 This is not public GitHub.com — this is UCSF’s private, licensed instance of GitHub Cloud, available at no cost to you as a UCSF affiliate.

Use Enterprise Cloud for general development, automation, or collaboration when no protected data is involved.

Integrations That Improve Your Workflow

Both GitHub Enterprise environments support powerful integrations:

• Microsoft Teams: Receive GitHub updates in real time
• Webhooks: Automate builds, testing, and internal notifications
• RSS Feeds: Stay on top of repo activity

These tools help streamline your workflow — and are fully supported by the DevEx team.

TL;DR – Which GitHub Should You Use?