You can make extra features available to users with a license for Advanced Security products. For more information, see About GitHub Advanced Security.
License size
Each license specifies a maximum number of accounts that can use Advanced Security. Each active committer to at least one repository with the product enabled consumes one license. When you remove a user from your enterprise account, the user's license is freed within 24 hours.
If you exceed your license limit, features controlled by Advanced Security licensing continue to work on all repositories where they are already enabled. However, you will not be able to enable GitHub Advanced Security on any additional repositories. Any new repositories created in organizations where GitHub Advanced Security are configured to be enabled automatically will be created with the products disabled.
As soon as you make licenses available, by disabling GitHub Advanced Security in some repositories, or by increasing your license size, the options for enabling GitHub Advanced Security will work again as normal. All standalone instances of GitHub Enterprise Server use volume/subscription licenses. Contact GitHub's Sales team if you want to make changes to your license.
You can enforce policies to allow or disallow the use of Advanced Security by organizations owned by your enterprise account. See Enforcing policies for code security and analysis for your enterprise.
Active and unique committers
The number of unique, active committers who use GitHub Advanced Security controls your license use.
- Active committers is the number of committers who contributed to at least one organization-owned repository, and who use a license in your enterprise. That is, they are also an organization member, an external collaborator, or have a pending invitation to join an organization in your enterprise, and they are not a GitHub App bot. For information about differences between bot and machine accounts, see Differences between GitHub Apps and OAuth apps.
- Unique committers is the number of active committers who contributed only to a repository, or to repositories in an organization. This number shows how many licenses you can free up by disabling GitHub Advanced Security for that repository or organization.
If there are no unique committers to a repository or organization, all active committers also contribute to other repositories or organizations that use Advanced Security licenses. Disabling a product for that repository or organization would not free any licenses or lower your usage costs.
Understanding usage
Users can contribute to multiple repositories or organizations. Usage is measured across the whole enterprise to ensure that each member uses one license regardless of how many repositories or organizations the user contributes to.
When you enable or disable GitHub Advanced Security for one or more repositories, GitHub displays an overview of how this will change your usage.
The following example timeline demonstrates how active committer count for Advanced Security could change over time in an enterprise. For each month, you will find events, along with the resulting committer count.
| Date | Events during the month | Total committers |
|---|---|---|
| April 15 | A member of your enterprise enables GitHub Advanced Security for repository X. Repository X has 50 committers over the past 90 days. | 50 |
| May 1 | Developer A leaves the team working on repository X. Developer A's contributions continue to count for 90 days. | 50 |
| August 1 | Developer A's contributions no longer count towards the licenses required, because 90 days have passed. | 50 - 1 = 49 |
| August 15 | A member of your enterprise enables GitHub Advanced Security for a second repository, repository Y. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo X and do not require additional licenses. | 49 + 10 = 59 |
| August 16 | A member of your enterprise disables GitHub Advanced Security for repository X. Of the 49 developers who were working on repository X, 10 still also work on repository Y, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 = 20 |