About billing for GitHub Advanced Security

If you want to use GitHub Advanced Security features in a private or internal repository, you need a license. These features are available free of charge for public repositories on GitHub.com.

GitHub Advanced Security is available for enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server 3.0 or higher. GitHub Advanced Security is also included in all public repositories on GitHub.com. For more information, see "About GitHub's products."

关于 GitHub Advanced Security 的计费

If you want to use GitHub Advanced Security features on any repository apart from a public repository on GitHub.com, you will need a GitHub Advanced Security license. 有关 GitHub Advanced Security 的更多信息,请参阅“关于 GitHub Advanced Security”。

GitHub Advanced Security 的每个许可证都规定了可以使用这些功能的最大帐户或席位数量。 至少一个启用了该功能的仓库的每个活跃提交者将使用一个席位。 A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored.

Note: Active committers are calculated using both the commit author information and the timestamp for when the code was pushed to GitHub Enterprise Cloud.

  • When a user pushes code to GitHub, every user who authored code in that push counts towards GitHub Advanced Security seats, even if the code is not new to GitHub.

  • Users should always create branches from a recent base, or rebase them before pushing. This will ensure that users who have not committed in the last 90 days do not take up GitHub Advanced Security seats.

To discuss licensing GitHub Advanced Security for your enterprise, contact GitHub' 销售团队.

关于 GitHub Advanced Security 的提交者数量

We record and display two numbers of committers for GitHub Advanced Security on GitHub.com:

  • Committers is the number of committers who contributed to at least one private repository in an organization and who use a seat in your enterprise license. That is, they are also an organization member, an external collaborator, or have a pending invitation to join an organization in your enterprise.
  • Unique to this repository/organization is the number of committers who contributed only to this repository, or to repositories in this organization. This number shows how many license seats you can free up by disabling GitHub Advanced Security for that repository or organization.

If there are no unique committers, all active committers also contribute to other repositories or organizations that use GitHub Advanced Security. Disabling the feature for that repository or organization would not free any seats on your license.

When you remove a user from your enterprise account, the user's license is freed within 24 hours.

Note: Users can contribute to multiple repositories or organizations. Usage is measured across the whole enterprise account to ensure that each member uses one seat regardless of how many repositories or organizations the user contributes to.

为仓库启用或禁用 Advanced Security 时,GitHub 将显示许可证使用情况变化的概况。 如果您禁用对 GitHub Advanced Security 的访问,任何被“唯一”提交者使用的席位都将释放。

如果您超过了许可证限制,GitHub Advanced Security 将继续在所有已启用的仓库中工作。 但是,在为新仓库启用 GitHub Advanced Security 的组织中,将会创建禁用该功能的仓库。 此外,对现有仓库启用 GitHub Advanced Security 的选项将不可用。如果将公共仓库的可见性更改为私有,则 GitHub Advanced Security 将对该仓库禁用。

一旦您释放一些席位,通过对某些仓库禁用 GitHub Advanced Security 或通过增加您的许可证大小,用于启用 GitHub Advanced Security 的选项将继续正常工作。

您可以执行策略以允许或不允许企业帐户拥有的组织使用 Advanced Security。 For more information, see "Enforcing policies for Advanced Security in your enterprise."

有关查看许可使用情况的更多信息,请参阅“查看 GitHub Advanced Security 使用情况”。

Understanding active committer usage

The following example timeline demonstrates how active committer count for GitHub Advanced Security could change over time in an enterprise. For each month, you will find events, along with the resulting committer count.

日期 Events during the month Total committers
15年4月 A member of your enterprise enables GitHub Advanced Security for repository X. Repository X has 50 committers over the past 90 days. 50
May 1 Developer A leaves the team working on repository X. Developer A's contributions continue to count for 90 days. 50 | 50
August 1 Developer A's contributions no longer count towards the licences required, because 90 days have passed. _50 - 1_
15年8月 A member of your enterprise enables GitHub Advanced Security for a second repository, repository Y. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo X and do not require additional licenses. _49 + 10_
16年8月 A member of your enterprise disables GitHub Advanced Security for repository X. Of the 49 developers who were working on repository X, 10 still also work on repository Y, which has a total of 20 developers contributing in the last 90 days. _49 - 29_

Note: A user will be flagged as active when their commits are pushed to any branch of a repository, even if the commits were authored more than 90 days ago.

Getting the most out of GitHub Advanced Security

当您决定哪些仓库和组织优先用于 GitHub Advanced Security 时,应该查看它们并识别:

  • 对公司成功至关重要的代码库。 在这些项目中,引入了易受攻击代码、硬编码的密钥或易受攻击的依赖项,将对您的公司将产生最大的影响。
  • 提交频率最高的代码库。 这些是最积极开发的项目,因此出现安全问题的风险较高。

对这些组织或仓库启用 GitHub Advanced Security 后,评估您可以添加哪些其他代码库,而不会对唯一提交者产生计费。 最后,查看其余重要和繁忙的代码库。 如果您想增加许可证中的席位数,请联系 GitHub' 销售团队




所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。


或者, 了解如何参与。