GitHub was acquired by Microsoft in 2018 for $7.5 billion and has since been systematically repositioned as an enterprise platform with a corresponding enterprise licensing model. For organisations with significant software development operations, GitHub Enterprise, GitHub Copilot, and GitHub Advanced Security collectively represent an annual spend that can easily reach seven figures at scale — and one that Microsoft's commercial teams are increasingly skilled at managing as part of broader EA relationships. This guide provides the commercial clarity needed to evaluate and negotiate GitHub licensing on your terms.
GitHub Product Tiers: Free, Team, and Enterprise
GitHub offers three core platform tiers with meaningfully different feature sets and pricing. GitHub Free provides unlimited public and private repositories, 2,000 CI/CD minutes per month, 500MB package storage, and community support. It is genuinely capable for small teams and open-source work but lacks the enterprise controls, compliance, and administrative features required by most organisations.
GitHub Team at $4/user/month adds protected branches, required reviewers, draft pull requests, CODEOWNERS, 3,000 CI/CD minutes per month, 2GB package storage, and GitHub Pages. Team is appropriate for small to mid-market organisations without enterprise governance or security requirements.
GitHub Enterprise is available in two delivery models — GitHub Enterprise Cloud (GHEC) and GitHub Enterprise Server (GHES) — each addressing different deployment preferences. GHEC is a SaaS deployment at $21/user/month list price; GHES is a self-hosted deployment at the same list price. Enterprise Cloud provides GitHub-managed infrastructure, automatic feature updates, and native integration with GitHub's AI services. Enterprise Server provides full control over data residency and infrastructure but requires self-management and incurs infrastructure costs beyond the license fee.
| Tier | Price/User/Month | Key Features | Best For |
|---|---|---|---|
| Free | $0 | Unlimited repos, 2K CI/CD min, basic Actions | Open-source, individuals |
| Team | $4 | Protected branches, reviewers, 3K CI/CD min | Small-mid market teams |
| Enterprise Cloud | $21 | SAML SSO, audit log API, SCIM, 50K CI/CD min, enterprise policy | Enterprise, compliance-driven orgs |
| Enterprise Server | $21 | Self-hosted, full data control, enterprise policy | Air-gapped, regulated industries |
Insider Perspective: The GHEC vs GHES decision has shifted meaningfully over the past three years. GHES, once the default for regulated industries, now requires organisations to manage increasingly complex upgrade cycles as GitHub accelerates its Cloud feature velocity. Organisations on GHES are routinely 12–18 months behind GHEC in feature parity, and several Copilot features — including Copilot Enterprise — are Cloud-only. If data residency is your primary driver for GHES, evaluate whether GitHub's data residency commitments within GHEC (US-only or EU data residency options) meet your requirements before committing to the operational overhead of self-hosted infrastructure.
GitHub Copilot: Business vs Enterprise Pricing
GitHub Copilot is now Microsoft's most commercially aggressive enterprise AI product, with two tiers and pricing that is accelerating rapidly. GitHub Copilot Business at $19/user/month provides AI code completion, chat, and CLI assistance within IDEs, with organisation-level policy controls and IP indemnification. GitHub Copilot Enterprise at $39/user/month adds fine-tuned models based on your organisation's codebase, Copilot Chat with GitHub context (pull requests, issues, documentation), and Copilot in GitHub.com.
For a 500-developer organisation, the cost differential between Copilot Business and Copilot Enterprise is $120,000 per year ($228K vs $108K annually). The justification for Copilot Enterprise over Business hinges on two factors: the value of codebase-aware context in Copilot's responses, and the productivity uplift of Copilot Chat integrated within GitHub.com for code review and knowledge retrieval. Both factors are real but highly dependent on your codebase complexity, documentation quality, and developer workflow maturity.
GitHub Copilot and the Microsoft 365 Copilot Relationship
Microsoft has deliberately created a confusing commercial landscape by maintaining separate licensing for GitHub Copilot and Microsoft 365 Copilot (the productivity AI for Teams, Word, Excel, and Outlook). These are distinct products with distinct licensing requirements — GitHub Copilot serves developers in IDEs and GitHub; M365 Copilot serves knowledge workers in the M365 suite. There is no bundling between them, and organisations purchasing M365 Copilot for their user population must separately license GitHub Copilot for their developer population. Microsoft's sales teams occasionally conflate the two products in initial conversations — insist on precise product identification in any AI licensing proposal.
For comprehensive guidance on M365 Copilot licensing and economics, see our Microsoft Copilot Licensing Guide.
GitHub Advanced Security: Code and Secret Scanning
GitHub Advanced Security (GHAS) provides code scanning (static analysis), secret scanning, and dependency review capabilities beyond what is available in GitHub Enterprise base. GHAS is priced at $49/active committer/month — and the "active committer" metric is the source of significant commercial complexity and surprise billing.
An active committer is a unique user who commits to private or internal repositories during the billing month. This definition creates two distinct cost surprises for organisations adopting GHAS. First, the active committer count fluctuates based on actual commit activity — organisations with large developer populations that do not commit every month see variable monthly costs rather than the predictable per-seat spend they anticipated. Second, GitHub counts each unique committer across all GHAS-enabled organisations in your enterprise account, meaning that a developer who contributes to code in multiple organisations within your enterprise counts as one active committer, but one who works across separate GitHub enterprise accounts counts multiple times.
Advisory Insight: Independent advisors including Redress Compliance find that GHAS active committer bills routinely surprise enterprise buyers by 20–40% relative to initial estimates. The variance comes from automated bots and CI systems committing to repositories (each counts as an active committer), offshore or contractor developer populations with irregular commit patterns, and repository architecture decisions that expand GHAS scope beyond the originally modelled developer population. Before deploying GHAS, conduct a 90-day active committer analysis and establish a cap on bot/service account commits.
GitHub Actions: Minutes, Storage, and Self-Hosted Runners
GitHub Actions is the native CI/CD platform embedded within GitHub. Enterprise plans include 50,000 CI/CD minutes per month for Linux runners, with additional minutes billed at $0.008/minute (Linux), $0.016/minute (Windows), and $0.064/minute (macOS). Storage for Actions artifacts and packages above the included 50GB is billed at $0.25/GB/month.
For organisations with significant CI/CD workloads, the included minutes are rarely sufficient. A single automated test suite running 30 minutes per pull request, with 50 active PRs per day, consumes 45,000 minutes per month — approaching the Enterprise inclusion. Organisations with larger development teams, longer test suites, or complex matrix build configurations routinely spend $5,000–$20,000+ per month on Actions minutes beyond their included allowance.
Self-hosted runners — where Actions jobs execute on your own infrastructure rather than GitHub-managed compute — eliminate the per-minute compute cost and are the preferred architecture for high-volume CI/CD workloads. Self-hosted runners require infrastructure investment and operational management but typically deliver unit economics significantly below GitHub-managed runners at scale. The self-hosted vs GitHub-managed decision should be explicitly modelled for any organisation with more than 5,000 CI/CD minutes per day of usage.
GitHub within the Microsoft EA: Commercial Integration
GitHub is increasingly negotiated as part of Microsoft Enterprise Agreement renewals rather than as a standalone GitHub agreement. This integration has mixed commercial implications. On the positive side, combining GitHub, M365, and Azure negotiations gives enterprise buyers a larger commercial footprint to leverage for discounts, and GitHub pricing can sometimes be improved by bundling it within a larger Microsoft commitment. On the negative side, Microsoft's EA teams structure these integrated negotiations to anchor GitHub pricing to EA unit economics that are less favourable than standalone GitHub commercial negotiations, and the integration makes it harder to benchmark GitHub pricing against the standalone market.
The most effective commercial position for GitHub in the context of an EA renewal is to run a parallel standalone GitHub negotiation alongside the EA discussion, establishing a competitive pricing reference point before allowing Microsoft to absorb GitHub into the broader EA commercial structure. GitHub's enterprise sales team — separate from Microsoft's EA team — has different pricing authority and different commercial incentives; leverage this organisational separation.
For the broader Microsoft EA negotiation framework within which GitHub fits, our Complete Microsoft EA Guide covers multi-product negotiation strategy. Our Cloud Contract Negotiation practice includes GitHub as part of developer platform advisory engagements. The Microsoft EA White Paper includes a GitHub commercial strategy section covering Copilot evaluation frameworks and GHAS deployment economics.
GitHub vs Alternatives: Maintaining Commercial Leverage
GitHub's dominant market position — over 100 million developers, the world's largest code repository ecosystem — creates genuine switching costs that Microsoft's commercial teams understand and price accordingly. GitLab, Bitbucket, and Azure DevOps are the primary alternatives, each with materially different feature sets and pricing models. GitLab in particular offers a directly comparable enterprise platform with CI/CD, security scanning, and AI coding assistance, at pricing that has historically been more negotiable than GitHub's enterprise tiers.
Maintaining a credible GitLab evaluation or Pilot programme — even without an intention to migrate — is the most effective commercial lever in GitHub Enterprise renewal negotiations. Microsoft's commercial teams discount the risk from nominal alternatives; they respond substantively to documented GitLab evaluations, particularly for organisations running significant GHES deployments where migration friction is lower than from GHEC. Our Software Licensing Advisory practice supports GitHub competitive assessments as part of renewal preparation.
Key Negotiation Points for GitHub Enterprise
GitHub Enterprise renewal negotiations have several specific leverage points. First, Copilot adoption rates: Microsoft's expectation is 80–100% Copilot coverage for GitHub Enterprise customers — organisations that achieve this create leverage for Copilot per-seat price concessions. Second, GHAS active committer caps: negotiating a fixed monthly cap on active committer billing, rather than pure consumption-based pricing, converts a variable cost into a predictable one. Third, Actions minutes commitments: committing to a minimum monthly Actions minutes purchase in exchange for per-minute rate reductions is achievable and commercially significant for high-volume CI/CD organisations. Fourth, multi-year term flexibility: GitHub Enterprise contracts of 2–3 years typically access pricing 15–25% below equivalent 1-year terms, but only with explicit renewal options and price cap provisions.