GitHub Enterprise licensing shifted in 2024 and 2025. Copilot split into multiple SKUs. Advanced Security broke into components. The buyer that reads the SKU list and the active user math holds the math at procurement and at every renewal.
GitHub Enterprise is the commercial GitHub offering for organisations. It runs in two deployment models and three subscription tiers, with Copilot and Advanced Security as the major add ons. The 2024 and 2025 SKU changes split Copilot and GHAS into multiple offerings. The buyer side moves recover 20 to 30 percent at procurement and renewal.
Across 45 GitHub Enterprise engagements, median saving against the opening GitHub proposal ran 24 percent. The saving came from active user cleanup, Copilot ramp pattern negotiation, and Advanced Security SKU consolidation across the developer fleet.
GitHub Enterprise is the commercial GitHub offering for organisations. It runs in two deployment models, three subscription tiers, and a growing add on catalogue. The buyer chooses against the developer count, the security needs, and the AI capability roadmap.
The licensing changed substantially in 2023 and 2024 with the addition of GitHub Copilot, GitHub Advanced Security packaging changes, and the GitHub Enterprise Cloud feature parity push. Buyers signing in 2026 face a different SKU shape than buyers who signed in 2022.
Two deployment models cover the entire GitHub Enterprise customer base. The choice anchors the operational model and the security posture.
Three subscription tiers cover the source code management feature set. Add ons sit on top of every tier.
GitHub Enterprise meters in users. The user definition matters. The buyer reads the definition against the developer headcount, contractor population, and machine identity use.
An active user is a user that authenticates against the GitHub organisation in the billing month. A user that does not authenticate does not count, even if the account exists. The active user model rewards user cleanup.
Contractors that authenticate count as users. The buyer reads the contractor population against the user pool before committing the user count. Partner organisations require a separate enterprise account or operate as outside collaborators.
GitHub Apps and service accounts that authenticate using personal access tokens count as users. The buyer side audit pulls every machine identity into the count to plan the deployment correctly.
GitHub Copilot is the AI pair programmer. It sits as a per user add on. The 2024 and 2025 SKU changes split Copilot into multiple offerings. The buyer reads the SKU list before committing.
The core Copilot for Business offer. AI code completion across the supported language list, chat inside the IDE, and the policy controls for organisations. Per user per month metering.
Adds the chat against the organisation knowledge base, pull request summarisation, and the GitHub Spark and Workspace previews. Per user per month at a higher rate than Business.
The agent capability that handles multi step coding tasks. Metered separately from the base Copilot subscription. The buyer side audits the agent task volume against the credit pool.
The default Copilot configuration sends code context to the GitHub Copilot service. Enterprise customers turn off the data retention. The customer reads the data governance settings before deploying to the developer fleet.
GitHub Advanced Security covers secret scanning, code scanning, dependency review, and security alerts. The 2024 SKU split broke GHAS into multiple subscriptions. The buyer reads each SKU against the security operating model.
Detects secrets pushed to repositories. Available as a standalone SKU since 2024. Many customers buy this as the first security purchase.
Static analysis, dependency review, and supply chain protection. The historical core of GHAS. Per active committer metering.
The bundle of secret protection and code security at a discount against the standalone SKUs. Buyers running both should always buy the bundle.
Cost bands depend on developer count, Copilot adoption, and security SKU scope. The bands below cover the typical enterprise procurement positions.
Under 500 developers. Annual list runs $50k to $200k for Enterprise plus Copilot Business. GHAS adds another $80k to $200k. Typical discount runs 10 to 20 percent against list at this volume.
500 to 2,500 developers. Annual list runs $200k to $1.2m. Volume discount runs 15 to 30 percent. The Copilot rate sits at the published rate with limited room.
Above 2,500 developers. Annual list runs $1m to $8m. Volume discount runs 25 to 45 percent. Custom terms negotiable on Copilot pricing and Advanced Security packaging.
The buyer side moves run inside the procurement cycle and at every renewal. Each move targets a counting reconciliation, a SKU optimisation, or a contract redraw for the next term.
The buyer audits the active user count and removes inactive accounts before the renewal anniversary. The cleanup typically recovers 8 to 18 percent of the user count.
The buyer commits to Copilot in a ramp pattern rather than a flat 100 percent commit on day one. The ramp matches the developer adoption curve and avoids paying for unused subscriptions.
The buyer negotiates a 0 to 4 percent renewal cap on a three year term. The cap locks the pricing against the GitHub list price uplift cycle.
GitHub Enterprise cost band reference by developer count
| Developers | Enterprise base | Copilot Business | Advanced Security | Annual total |
|---|---|---|---|---|
| 250 | $63k | $57k | $73k | $193k |
| 500 | $126k | $114k | $147k | $387k |
| 1,500 | $378k | $342k | $441k | $1.16m |
| 5,000 | $1.26m | $1.14m | $1.47m | $3.87m |
| 15,000 | $3.78m | $3.42m | $4.41m | $11.6m |
The checklist takes the buyer from the current state to the executed plan. Run the steps in sequence. Each step builds the leverage for the next.
GitHub Enterprise is the commercial GitHub offering for organisations. It includes private repositories, SAML SSO, audit logs, organisation level access controls, and the GitHub Actions CI minutes pool. Copilot and Advanced Security sit as separate add ons on top of the Enterprise base subscription.
An active user is a user that authenticates against the GitHub organisation in the billing month. A user that does not authenticate does not count, even if the account still exists. The active user metering rewards cleanup. The buyer side audit removes inactive accounts before the renewal anniversary to control the count.
Three Copilot SKUs cover the enterprise market in 2026. Copilot Business covers code completion and IDE chat. Copilot Enterprise adds chat against the organisation knowledge base and pull request summarisation. Copilot Autonomous Agents covers multi step agent capabilities at separate metering. Each carries different rates and features.
Advanced Security broke into Secret Protection and Code Security in 2024. The combined bundle prices at a discount against the standalone SKUs. Secret Protection covers secret scanning. Code Security covers static analysis, dependency review, and supply chain alerts. Buyers running both should always buy the bundle.
Yes. GitHub Enterprise Server is the customer hosted appliance for organisations that require on premise or dedicated hosting. Most new orders run on Enterprise Cloud as GitHub prioritises feature releases there first. Enterprise Server lags by 6 to 9 months on selected features. The buyer reads the parity gap before committing.
A ramp pattern matches the developer adoption curve and avoids paying for unused subscriptions. The buyer negotiates a tiered commitment that grows across the term rather than a flat 100 percent commit on day one. Wave one typically covers 20 to 30 percent of the developer fleet. The buyer measures adoption before each wave.
Yes. Contractors that authenticate against the GitHub organisation in the billing month count as users at the same rate as employees. Buyers planning a contractor heavy estate model the contractor population into the user count. Outside collaborators count in the inviting organisation only.
Redress runs the GitHub practice inside the Vendor Shield subscription and the Renewal Program. The work covers the active user audit, the Copilot ramp design, the GHAS SKU consolidation, and the renewal cap negotiation. Engagements typically deliver 20 to 30 percent saving against the opening GitHub proposal.
Redress runs the GitHub Enterprise practice inside the Vendor Shield subscription, the Renewal Program, the Microsoft service line (GitHub sits inside the Microsoft commercial estate), and the Software Spend Assessment.
Read the related Microsoft EA renewal playbook, the Microsoft Knowledge Hub, the Microsoft Copilot licensing 2026 article, the Microsoft services, the benchmarking service, and the Benchmark Program.
The companion playbook covers the Oracle Unlimited License Agreement decision tree, certification mechanics, and the negotiation moves that protect the customer at exit.
Independent. Written for CIOs, CFOs, and procurement leaders. No vendor partner affiliation.
Open the playbook in your browser. Corporate email only.
Open the Paper →GitHub Enterprise is no longer a single subscription. It is a SKU portfolio. The buyer side that reads each SKU against the developer role mapping holds the math at procurement and at every renewal anniversary.
45 GitHub Enterprise engagements with median 24 percent saving against the opening GitHub proposal. Every engagement starts with one conversation.
Cost benchmarks, license rightsizing patterns, and the negotiation moves that worked. Written for buyer side teams running active vendor decisions.
Once a month. Audit patterns, renewal benchmarks, vendor commercial signals across Oracle, Microsoft, SAP, Salesforce, IBM, Broadcom, AWS, Google Cloud, ServiceNow, Workday, Cisco, and the GenAI vendors. No follow up sales pressure.
Free providers (Gmail, Yahoo, Outlook) cannot subscribe. Work email only. Unsubscribe in one click.
