Fake GitHub Enterprise / GitLab Premium / Bitbucket DevOps subscription payment failed, repositories and CI/CD pipelines suspended, or organization access revoked phishing — fraudulent email impersonating GitHub Enterprise, GitLab, or Bitbucket claiming the subscription payment has failed, repositories and pull requests are going offline, or Actions CI/CD pipelines are suspended — distinct from GitHub Copilot developer tool phishing; GitHub Enterprise: 100K+ organizations ($21/seat/month); GitLab: 30M+ users, Premium $29/seat/month; repository suspension means the entire development team simultaneously loses code access, PR review workflows, and automated build pipelines

Phishing emails impersonating GitHub Enterprise, GitLab Premium, or Bitbucket claiming the DevOps subscription payment has failed, repositories and pull requests are going offline, or CI/CD pipelines are suspended — directing them to update billing or restore repository access through a credential-harvesting portal. Distinct from the existing fake-github-copilot-jetbrains-developer-tool-subscription-phish (AI coding assistant / IDE license) — this targets source code hosting and DevOps platform billing, which affects the entire development organization. Key facts: (1) Repository suspension shuts down the entire development team simultaneously: GitHub Enterprise serves 100K+ organizations ($21/seat/month Enterprise Cloud, $21/seat/month Enterprise Server) as the primary source code hosting and collaboration platform; when a GitHub Enterprise subscription lapses, all team members simultaneously lose access to every repository — developers cannot push code, review pull requests, merge branches, or trigger automated workflows; a development team that cannot access its repositories cannot ship any code, making this a complete business halt for engineering organizations; (2) GitHub Actions CI/CD pipeline suspension multiplies the urgency: GitHub Actions is deeply integrated with the repository — when Enterprise billing lapses, scheduled workflows stop, deployment pipelines fail, automated test suites cease running, and release automation halts; for teams with continuous deployment to production, a CI/CD suspension means the software delivery pipeline stops, preventing security patches, bug fixes, and feature releases from reaching customers; (3) GitLab's 'single application' positioning makes subscription lapse uniquely comprehensive: GitLab serves 30M+ users with Premium ($29/seat/month) and Ultimate ($99/seat/month) tiers providing not just code hosting but issue tracking, project planning, security scanning, and compliance management in one platform; a GitLab Premium subscription lapse downgrades the instance to Free tier, removing merge request approval rules, code quality reports, group-level security dashboards, and compliance frameworks simultaneously; (4) Bitbucket's integration with Atlassian products creates compound urgency: Bitbucket ($3-6/user/month, part of Atlassian stack) is deeply integrated with Jira for issue tracking and Confluence for documentation; a Bitbucket subscription suspension breaks the automated Jira integration that closes tickets on merge, disrupts development workflows built around Smart Commits, and severs the deployment tracking pipeline connecting code to project management; (5) DevOps platform credentials give attackers access to all source code repositories, CI/CD pipeline configurations, deployment secrets, environment variables, and API tokens stored as repository secrets — the most comprehensive codebase and infrastructure access possible. Warning signs: sender not github.com, gitlab.com, or bitbucket.org; GitHub Enterprise billing is managed at github.com/organizations/[org]/settings/billing.