That's not entirely true. A website operator is not compelled to remove content on the receipt of a DMCA notice. If Githib fails to remove the content, they lose their 230 safe-harbor protections, meaning they could be sued for secondary liability for copyright infringement.
Github definitely has compelling incentives to remove content on receiving a DMCA notice. If they receive a notice that they think is completely bogus, they do have the option of not responding to it.
To clarify would they lose safe harbor site wide or be on the hook for this specific infringement if held up? If they choose to ignore, get challenged and lose do they lose safe harbor on all content after that?
Only to the content in the DMCA. But that can be very expensive. Do you think Github wants to fight a copyright suit on behalf of something obvious pirate software?
It's not at all obvious they'd lose. Github is not violating anybody's copyright. They're only distributing source code, presumably with the full consent of the authors.
Github doesn't need to violate copyright. Github would be sued under a contributory infringement theory (i.e., the same one that took down napster and kazaa), and could be found liable for the infringement committed by others. The point of the DMCA safe harbor is that by responding to takedown notices (and by not deliberately hosting infringing material), they are immune to infringement actions for hosting infringing material.
Github definitely has compelling incentives to remove content on receiving a DMCA notice. If they receive a notice that they think is completely bogus, they do have the option of not responding to it.