About billing for GitHub Advanced Security

If you want to use GitHub Advanced Security features, you need a license.

GitHub Advanced Security is available for enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server 3.0 or higher. For more information about upgrading your GitHub Enterprise Server instance, see "About upgrades to new releases" and refer to the Upgrade assistant to find the upgrade path from your current release version.

GitHub Advanced Securityの支払いについて

You can make extra features for code security available to users by buying and uploading a license for GitHub Advanced Security. GitHub Advanced Security に関する詳しい情報については、「GitHub Advanced Security について」を参照してください。

GitHub Advanced Securityの各ライセンスは、それらの機能を使用できるアカウントもしくはシートの最大数を指定します。 少なくとも1つのリポジトリでこの機能が有効化されているそれぞれのアクティブなコミッターは、1つのシートを使用します。 A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored.

Note: Active committers are calculated using both the commit author information and the timestamp for when the code was pushed to GitHub Enterprise Server.

  • When a user pushes code to GitHub, every user who authored code in that push counts towards GitHub Advanced Security seats, even if the code is not new to GitHub.

  • Users should always create branches from a recent base, or rebase them before pushing. This will ensure that users who have not committed in the last 90 days do not take up GitHub Advanced Security seats.

To discuss licensing GitHub Advanced Security for your enterprise, contact GitHubの営業チーム.

GitHub Advanced Security のコミッター番号について

We record and display two numbers of committers for GitHub Advanced Security on your GitHub Enterprise Server instance:

  • Committers is the number of committers who contributed to at least one repository in an organization and who use a seat in your enterprise license. That is, they are also an organization member, an external collaborator, or have a pending invitation to join an organization in your enterprise.
  • Unique to this repository/organization is the number of committers who contributed only to this repository, or to repositories in this organization. This number shows how many license seats you can free up by disabling GitHub Advanced Security for that repository or organization.

If there are no unique committers, all active committers also contribute to other repositories or organizations that use GitHub Advanced Security. Disabling the feature for that repository or organization would not free any seats on your license.

When you remove a user from your enterprise account, the user's license is freed within 24 hours.

Note: Users can contribute to multiple repositories or organizations. Usage is measured across the whole enterprise account to ensure that each member uses one seat regardless of how many repositories or organizations the user contributes to.

リポジトリでAdvanced Securityを有効化あるいは無効化すると、GitHubはライセンスの利用に関する変更の概要を表示します。 GitHub Advanced Security へのアクセスを無効にすると、「一意」のコミッターが使用するシートが解放されます。

ライセンス制限を超えている場合、GitHub Advanced Security はすでに有効になっているすべてのリポジトリで引き続き動作します。 ただし、GitHub Advanced Security が新しいリポジトリに対して有効になっている Organization では、リポジトは機能が無効の状態で作成されます。 加えて、既存のリポジトリに対するGitHub Advanced Securityの有効化のオプションは利用できなくなります。

一部のリポジトリで GitHub Advanced Security を無効にするか、ライセンスサイズを増やすと、一部のシートを解放した直後に GitHub Advanced Security を有効にするオプションが通常どおり動作します。

Enterprise アカウントが所有する Organization による Advanced Security の使用を許可または禁止するポリシーを適用できます。 For more information, see "Enforcing policies for Advanced Security in your enterprise."

ライセンスの使用状況の表示について詳しくは、「GitHub Advanced Security の使用状況を表示する」を参照してください。

Understanding active committer usage

The following example timeline demonstrates how active committer count for GitHub Advanced Security could change over time in an enterprise. For each month, you will find events, along with the resulting committer count.

日付 Events during the month Total committers
15 年 4 月 A member of your enterprise enables GitHub Advanced Security for repository X. Repository X has 50 committers over the past 90 days. 50
May 1 Developer A leaves the team working on repository X. Developer A's contributions continue to count for 90 days. 50 | 50
August 1 Developer A's contributions no longer count towards the licences required, because 90 days have passed. _50 - 1_
15 年 8 月 A member of your enterprise enables GitHub Advanced Security for a second repository, repository Y. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo X and do not require additional licenses. _49 + 10_
16 年 8 月 A member of your enterprise disables GitHub Advanced Security for repository X. Of the 49 developers who were working on repository X, 10 still also work on repository Y, which has a total of 20 developers contributing in the last 90 days. _49 - 29_

Note: A user will be flagged as active when their commits are pushed to any branch of a repository, even if the commits were authored more than 90 days ago.

Getting the most out of GitHub Advanced Security

GitHub Advanced Security の優先順位を付けるリポジトリと Organization を決定するときは、それらを確認して次のことを特定する必要があります。

  • 会社の成功にとって最も重要なコードベース。 これらは、脆弱なコード、ハードコードされたシークレット、または脆弱な依存関係の導入が会社に最大の影響を与えるプロジェクトです。
  • コミット頻度が最も高いコードベース。 これらは最も積極的に開発されたプロジェクトであるため、セキュリティの問題が発生するリスクが高くなります。

When you have enabled GitHub Advanced Security for these organizations or repositories, assess which other codebases you could add without incurring billing for unique committers. Finally, review the remaining important and busy codebases. If you want to increase the number of seats in your license, contact GitHubの営業チーム.




GitHubのすべてのドキュメントはオープンソースです。間違っていたり、はっきりしないところがありましたか?Pull Requestをお送りください。


OR, コントリビューションの方法を学んでください。