The full 2026 edition of the guide follows below. It expands on the chapter list published on the GitHub Enterprise Negotiation Guide page.
Executive summary
A GitHub Enterprise quote is mostly a seat count, and the seat count is almost always too high. Buyers who reclaim inactive users, scope GitHub Advanced Security to actual committers, govern Copilot seats by tier and by usage, and co-term the agreement with their Microsoft Enterprise Agreement consistently pay less than the first number on the order form. The money hides in three meters: seats, Advanced Security committers, and Copilot, with Actions and Codespaces consumption running quietly underneath all three.
This guide delivers the full sequence. It explains how GitHub builds an Enterprise quote and where the cost hides, then walks ten levers in the order that protects your position, with the headline discount placed last. It sets out a 150-day renewal timeline, the GitHub Advanced Security committer math and how to bring an inflated count back to actual contributors, Copilot governance across the Business and Enterprise tiers, and the Microsoft co-term decision that determines whether the GitHub line stays benchmarkable or disappears into a bundle. It closes with the Enterprise Cloud versus Enterprise Server cost trade, the contract terms worth securing, and the recurring buyer mistakes we see across estates. Buyers we advise have negotiated over $2.4 billion in software contracts with average savings of 38 percent across more than 500 engagements. The approach below is the one we run.
1. How GitHub builds an Enterprise quote: the starting point for negotiating a GitHub Enterprise agreement
GitHub Enterprise is licensed per user, billed monthly or annually, with multi-year terms available. A licensed user is anyone you provision a seat for, whether or not they log in. That distinction is the first lever. Most estates carry a meaningful share of provisioned seats that no longer map to active developers, and every one of them is billed at full rate.
On top of the seat sit the add-ons. GitHub Advanced Security, which covers code scanning, secret scanning, and dependency review, is licensed separately on a committer metric. GitHub Copilot is licensed per seat as its own line, in Business and Enterprise tiers. Together these can rival or exceed the base seat cost, so a quote that looks like a simple per-user number is really three meters running at once.
Because GitHub is a Microsoft company, the commercial path often runs through your Microsoft account team and can co-term with a Microsoft Enterprise Agreement, with the GitHub offerings defined in the Microsoft Product Terms. That can help or hurt. It helps when you negotiate the GitHub line on its own terms and then align the dates. It hurts when GitHub disappears into a larger bundle and the discount becomes impossible to verify.
What GitHub bills beyond the seat
The per-user license is not the whole bill. GitHub Enterprise also carries consumption charges that scale with how your teams work, and these are easy to miss when you size a deal on seats alone. GitHub Actions, the built-in automation and continuous integration service, includes an allowance of runner minutes and then bills usage above it. Heavy pipelines, large matrix builds, and self-hosted runner gaps can turn Actions into a material line that grows independently of headcount.
Codespaces, the hosted development environment, is billed by compute and storage when teams use it. Packages and container storage carry their own storage and data transfer charges. None of these are seat-driven, so a contract negotiated purely on per-user pricing can still drift in total cost as Actions minutes and Codespaces hours climb.
Bring these into the negotiation explicitly. Ask for a usage report covering Actions minutes, Codespaces compute, and storage before you sign, and decide whether to pre-commit to a consumption allowance at a discount or to manage usage with runner and environment policy. The cost you can see is the cost you can control.
Insider note: Self-hosted runners are the named mechanism that moves Actions cost. GitHub-hosted runner minutes are billed against your allowance and then at published per-minute rates, with larger runner sizes billed at multiples of the base rate. Self-hosted runners consume no GitHub-hosted minutes for the jobs they execute, so estates with heavy, predictable CI pipelines often route the steady workload to self-hosted capacity and reserve hosted minutes for burst. Run that analysis before the renewal, because a lower consumption baseline shrinks the number you are asked to commit to.
2. The renewal levers, sequenced: seats, term, price protection, and add-ons
Discount is one lever. Seat hygiene, the committer count, and price protection move more money over a multi-year term than a few extra points off the per-user rate. Use these in sequence, starting with the ones that protect you most and cost GitHub least to grant.
| Lever | What it does | When it works best |
|---|---|---|
| 1. Seat reclamation | Remove provisioned seats with no recent activity before you size the deal | Always, before any renewal quote is accepted |
| 2. Active-user baseline | Size the contract to active users, not the provisioned roster | When seat counts have drifted upward over time |
| 3. Advanced Security scope | Enable GHAS only on repositories that need it, cutting the committer count | When GHAS is switched on org-wide by default |
| 4. Copilot governance | Assign Copilot to users who use it, in the tier they need, and reclaim the rest | When Copilot was rolled out broadly without review |
| 5. Price protection and cap | Cap per-user and add-on uplift for the full term | Always; uncapped renewal uplift is the quiet cost |
| 6. Term length | Trade a multi-year commit for a deeper discount and a price hold | When your developer headcount is stable or growing |
| 7. Growth ramp | Phase seat additions instead of paying for future hires now | When headcount growth is planned but not yet hired |
| 8. Microsoft co-term | Align GitHub with the EA so both renew as one event | When you hold a Microsoft Enterprise Agreement |
| 9. Hosting choice | Weigh Enterprise Cloud against Enterprise Server on total cost | When administration cost or data residency is in play |
| 10. Discount | The headline per-user percentage, last | After seats, scope, and protection are settled |
The order matters. If you negotiate discount first, you have spent your bargaining room before you fix the seat count or cap the uplift, and those two terms are worth more across a three-year deal than a marginal rate cut on an inflated number of seats. A discount on seats nobody uses is not a saving; it is a smaller overpayment.
3. The renewal timeline and where your bargaining position comes from
A strong position is built, not found. By the time the renewal quote arrives, the buyers who do well have already cleaned their seat data and scoped their add-ons. This is the sequence we run.
| Days before renewal | What to do | Why |
|---|---|---|
| 150 to 120 | Pull active-versus-provisioned seat data and a Copilot usage report | You cannot reclaim what you have not measured |
| 120 to 90 | Map which repositories actually need Advanced Security | The committer count is the largest swing factor |
| 90 to 60 | Reclaim inactive seats and right-size Copilot assignments | Enter the deal sized to real usage, not history |
| 60 to 30 | Benchmark target pricing and define your walk-away position | Set the number before GitHub or Microsoft sets it |
| 30 to 15 | Open the commercial conversation with your structure first | Anchor on your counts, not the renewal quote |
| 15 to 0 | Close at a quarter or fiscal-year boundary where possible | Timing pressure works in the buyer's favor |
Timing matters as much as the sequence. Microsoft runs a fiscal year ending June 30 with quarter boundaries that shape discounting behavior across the whole account, and a GitHub line co-termed with an Enterprise Agreement inherits that calendar. A renewal that closes against a quarter or fiscal-year boundary gives the seller a reason to fund concessions that the same request would not earn in the middle of a quarter. Plan the 150-day runway so the closing window lands on one of those boundaries.
Every input in this sequence is data you already own. Enterprise admin reports show licensed versus active users. Contributor data by repository shows where the GHAS committer count really comes from. Copilot usage reports show which assigned seats are idle. The buyers who pull these reports at 150 days negotiate from evidence. The buyers who skip them negotiate from last year's invoice.
4. GitHub Advanced Security: the committer metric and how to right-size it
GitHub Advanced Security is the add-on most often overbought. It is licensed by unique active committers in the repositories where it is enabled, not by total Enterprise seats. A developer who pushes commits to several covered repositories is counted once. The cost is therefore driven by where you enable it, not by how many people hold a GitHub seat.
Why the number is usually too high
The common pattern is to enable Advanced Security across the whole organization for convenience. That pulls every repository with recent commits into the committer count, including archived projects, experiments, and repositories that carry no sensitive code. The committer total inflates, and the bill follows.
How to right-size it
Inventory your repositories by risk and activity. Enable Advanced Security on the repositories that hold production or sensitive code, and leave low-risk or dormant repositories out of scope. Confirm the committer count GitHub is using against your own contributor data before you accept it. The difference between an org-wide switch and a scoped deployment is frequently large.
Insider note: The GHAS billing metric counts unique active committers, contributors who pushed to an enabled repository within the trailing activity window GitHub's documentation defines, roughly the last 90 days. That means dormant repositories age out of the count on their own, and a scoping exercise done 120 days before renewal shows up in the billed number by the time you negotiate. Run the de-scope early, then ask GitHub to requote on the post-scope committer count, not the historical peak.
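The committer arithmetic described in this section, as an added example (not GitHub's billing code and not part of the original guide): it deduplicates committers across the enabled repositories inside a trailing window, assumed here to be 90 days, and reports which committers each repository contributes that no other enabled repository does. Repository names, logins and dates are constructed; real push records would come from your own contributor data.

```python
from datetime import date, timedelta

WINDOW_DAYS = 90  # assumption: the guide says "roughly the last 90 days"

# Constructed sample data: (repository, committer login, push date).
PUSHES = [
    ("payments-api", "alice", date(2026, 3, 2)),
    ("payments-api", "bob", date(2026, 2, 10)),
    ("web-frontend", "Alice", date(2026, 3, 5)),   # same person, different case
    ("web-frontend", "carol", date(2026, 1, 20)),
    ("hackday-demo", "dave", date(2026, 2, 25)),
    ("hackday-demo", "bob", date(2026, 3, 1)),
    ("legacy-batch", "erin", date(2025, 10, 1)),   # older than the window
    ("docs-site", "frank", date(2026, 3, 8)),
]
ORG_WIDE = {"payments-api", "web-frontend", "hackday-demo",
            "legacy-batch", "docs-site"}           # GHAS switched on everywhere
SCOPED = {"payments-api", "web-frontend"}          # production code only
AS_OF = date(2026, 3, 10)                          # constructed report date


def active_committers(pushes, enabled_repos, as_of, window_days=WINDOW_DAYS):
    """Map each enabled repo to the logins that pushed inside the window."""
    cutoff = as_of - timedelta(days=window_days)
    by_repo = {repo: set() for repo in enabled_repos}
    for repo, login, pushed in pushes:
        if repo in by_repo and cutoff <= pushed <= as_of:
            by_repo[repo].add(login.lower())
    return by_repo


def committer_count(by_repo):
    """A committer active in several enabled repos is counted once."""
    return len(set().union(*by_repo.values()))


def descoping_savings(by_repo):
    """Committers that leave the count if one repo alone is de-scoped.

    Only logins exclusive to that repo drop out; anyone who also pushes
    to another enabled repo stays in the billed total.
    """
    savings = {}
    for repo, logins in by_repo.items():
        others = set().union(*(v for r, v in by_repo.items() if r != repo))
        savings[repo] = sorted(logins - others)
    return savings


if __name__ == "__main__":
    org = active_committers(PUSHES, ORG_WIDE, AS_OF)
    scoped = active_committers(PUSHES, SCOPED, AS_OF)
    print("org-wide committers:", committer_count(org))
    print("scoped committers:  ", committer_count(scoped))
    for repo, logins in sorted(descoping_savings(org).items()):
        print(f"  de-scope {repo}: removes {len(logins)} {logins}")
```

Because committers are deduplicated, de-scoping a repository saves only the people who push nowhere else in scope, so rank candidate repositories by exclusive committers rather than by total contributors.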
5. Copilot seat governance and active-versus-provisioned licensing
GitHub Copilot is a separate per-seat license, and it sprawls the same way Enterprise seats do. Organizations often roll it out broadly to gauge interest, then never reconcile who actually uses it. The result is a population of provisioned seats with little or no recent activity, all billed at full rate.
Governance is the lever, not the discount. GitHub provides usage and engagement data at the organization level. Use it to identify assigned seats with no recent activity, reclaim them, and reassign only on demonstrated need. Right-sizing the Copilot seat count before renewal usually saves more than negotiating the per-seat price on an inflated roster.
Decide the assignment model deliberately. A standing allocation to every developer is simple but expensive if adoption is uneven. A request-based model with periodic reclamation keeps the paid seat count aligned to real use, which is the number you want to carry into the renewal.
Copilot Business and Copilot Enterprise
Copilot is sold in more than one tier, and the tier changes the per-seat cost and the governance you get. Copilot Business provides the core code completion and chat capabilities with organization-level policy controls. Copilot Enterprise adds capabilities oriented to larger organizations, including chat grounded in your repositories and pull request assistance across the github.com experience.
The buyer question is not only the discount, it is whether every Copilot seat needs the higher tier. Mixed populations are common: a subset of developers genuinely uses the Enterprise capabilities, while many users would be served by the Business tier. Paying the Enterprise rate across the whole population when only part of it uses the additional features is a quiet overspend. Match the tier to the user, size each tier to that split, and only then discuss the per-seat rate.
6. The Microsoft co-term: negotiating GitHub inside an Enterprise Agreement
GitHub is a Microsoft company, and GitHub Enterprise can co-term with a Microsoft Enterprise Agreement so both renew together. Co-terming is useful because it lets you negotiate the relationship as one event and align the dates, which removes the scramble of two separate renewals landing months apart.
The risk is loss of visibility. When GitHub is folded into a large Microsoft bundle, the GitHub-specific discount and the per-meter pricing can become hard to verify, and concessions on one product can be quietly offset elsewhere. The discipline is to negotiate the GitHub line on its own metrics first, document the seat, committer, and Copilot pricing explicitly, and only then co-term for date alignment.
Keep the GitHub pricing itemized in the agreement even when it sits inside the EA. An itemized line is one you can benchmark and defend at the next renewal. A blended bundle figure is one you cannot.
Insider note: Check your developer population for Visual Studio subscriptions before you size the GitHub deal. Microsoft has sold Visual Studio subscription SKUs that include GitHub Enterprise entitlements, and the GitHub offerings purchased through volume licensing are governed by the Microsoft Product Terms. Estates that hold Visual Studio Professional or Enterprise subscriptions sometimes double-pay for GitHub seats those subscriptions already cover. Reconcile the two rosters, then have the account team confirm in writing which population is entitled through which vehicle.
7. Enterprise Cloud, data residency, and Enterprise Server cost trade-offs
GitHub Enterprise comes in a cloud-hosted form, GitHub Enterprise Cloud, and a self-hosted form, GitHub Enterprise Server. Enterprise Cloud reduces the operational burden of running the platform and has added options such as data residency for organizations with regional data requirements. Enterprise Server suits buyers with strict on-premises or isolation requirements who accept the administration cost that comes with it.
Treat the hosting choice as a total-cost decision, not just a license decision. The Server option moves cost from the subscription line to your own infrastructure and operations team, while the Cloud option consolidates that cost into the subscription. Model both before you assume one is cheaper, and factor the data residency options into the comparison where compliance requires them.
The hosting question is also a renewal lever. A buyer running Enterprise Server who can credibly model a move to Enterprise Cloud, or the reverse, brings a real alternative into the room without changing vendors at all. The migration carries cost either way, so price it honestly, but an account team that knows the deployment model is in play tends to defend the relationship with better terms on the part of the bill it controls.
Where the avoidable money sits
Across the GitHub estates we review, the avoidable spend ranks in a consistent order, and most of it can be removed with data you already hold before any pricing conversation begins.
Building a credible alternative
The strongest position in any GitHub renewal is a credible alternative, and developer platforms are a competitive market. GitLab Ultimate, Atlassian Bitbucket, and Azure DevOps each cover overlapping ground, and several offer their own security and automation capabilities that map to what GitHub bundles into Advanced Security and Actions. You do not need to switch to benefit from the comparison. You need the comparison to be real.
Build the alternative properly. Map your actual requirements, source comparable pricing on the same metrics, and document the migration cost and risk honestly so the comparison survives scrutiny. A thin threat to leave is easy for any account team to discount. A costed, evidenced alternative changes the conversation because it sets a ceiling on what GitHub can charge before switching becomes rational.
The point is not to play vendors against each other for its own sake. It is to know your walk-away number before you negotiate, so the renewal is anchored on your economics rather than on the seller's quote. Buyers who hold a real alternative consistently secure better price protection and add-on terms, whether or not they ever move a single repository.
Contract terms worth securing
Price is what most buyers focus on, but the terms around the price decide what the deal costs over its life. The table below is the checklist we hold order forms against before signature.
| Term | What to secure | Why it matters |
|---|---|---|
| Uplift cap | Cap per-user and add-on increases for the full term | A first-year discount that resets at renewal is not protection |
| Metric definitions | Pin the GHAS committer definition and Copilot tier pricing in writing | Prevents the billed metric drifting upward between renewals |
| Verification clause | Agree how licensed users and committers are measured | Avoids open-ended terms that let a future count be reinterpreted |
| Growth ramp | Step seat additions on real hiring dates | Stops you paying day one for an end-state headcount |
| Downside flexibility | Reallocation across business units, divestiture treatment | A fixed count with no adjustment outruns a shrinking estate |
| Itemized pricing | Keep seat, GHAS, and Copilot lines visible inside any EA bundle | An itemized line can be benchmarked, a blended figure cannot |
| Data residency | Secure regional commitments explicitly where compliance needs them | A roadmap promise is not a contract term |
These terms rarely cost the vendor anything to grant early in a negotiation, and they are expensive to retrofit later. The renewal is the cheapest moment to fix them. Once the agreement is signed without them, you are negotiating from a weaker spot at the next cycle.
Phasing the commitment and the growth ramp
Multi-year commitments are where GitHub offers its deepest discounts and where buyers most often overcommit. A longer term can lower the per-user rate and secure a price hold, which is valuable when developer headcount is stable or rising on a known plan. The risk is paying today for seats you will not fill until later, or locking a count you cannot reduce if a team contracts.
Phase the commitment to your hiring plan. If you expect to grow, negotiate a ramp where seat additions and their cost step up on the dates you actually expect to hire, rather than paying for the end-state count from day one. If your headcount is uncertain, weigh a shorter term against the discount on a longer one, and price the flexibility you are giving up.
Protect the downside as well as the upside. Ask what happens if active usage falls below the committed count, whether unused seats can be reallocated across business units, and how a divestiture or reorganization affects the agreement. A commitment sized to an optimistic forecast, with no room to adjust, is the most common way a good headline rate turns into a bill that outruns real usage.
Common buyer mistakes
The recurring mistakes are consistent across GitHub estates. Sizing the renewal at last year's provisioned seat count instead of active users. Enabling Advanced Security org-wide and accepting the committer total without checking it. Rolling out Copilot broadly, in one tier, and never reclaiming idle seats. Folding GitHub into a Microsoft bundle without itemized pricing. Ignoring Actions and Codespaces consumption until the bill arrives.
Each one is avoidable with data you already own. Active-versus-provisioned seat reports, contributor data by repository, Copilot usage data, and consumption reports are all available before the renewal. The buyers who use them enter the negotiation sized to reality. The buyers who do not enter sized to history, and history is always more expensive.
Key takeaways
- A GitHub quote is three meters: seats, Advanced Security committers, and Copilot seats. Price each separately.
- Size the deal on consumption too. Actions minutes, Codespaces, and storage do not appear on the per-user line.
- Reclaim inactive seats and size the deal to active users before you negotiate.
- Scope Advanced Security to the repositories that need it and verify the committer count against contributor data.
- Govern Copilot by usage and by tier; governance saves more than the per-seat discount.
- Reconcile Visual Studio subscription entitlements before buying GitHub seats twice.
- Cap per-user and add-on uplift for the full term, not just the first year.
- Co-term with a Microsoft EA for date alignment, but keep the GitHub pricing itemized.
- Match a multi-year commitment to your hiring plan and ramp seat cost to real dates.
- Decide Enterprise Cloud versus Server on total cost, including administration and data residency.
Frequently asked questions
How is GitHub Enterprise priced?
GitHub Enterprise is billed per user per month, with annual and multi-year terms available. GitHub Advanced Security and GitHub Copilot are separate add-ons, so the seat price is only part of the total. Count active users, not provisioned ones, before you commit.
What is the GitHub Advanced Security committer metric?
GitHub Advanced Security is licensed by unique active committers in the repositories where it is enabled, not by total seats. A developer who commits to several covered repositories is counted once. Scoping which repositories need it is the main cost control.
Can we negotiate GitHub Enterprise inside a Microsoft Enterprise Agreement?
Yes. GitHub is a Microsoft company, its volume licensing offerings sit in the Microsoft Product Terms, and GitHub Enterprise can co-term with a Microsoft EA. Negotiate the GitHub line on its own metrics and discount, then co-term it so both renewals land together.
How do we reduce GitHub Copilot seat cost?
Audit active versus provisioned Copilot seats, reclaim licenses from users with no recent activity, and split the population between Copilot Business and Copilot Enterprise by who uses the higher-tier features. Governance over assignment matters more than the per-seat discount.
Should we run GitHub Enterprise Cloud or Enterprise Server?
Enterprise Cloud reduces operational cost and adds features such as data residency, while Enterprise Server suits strict on-premises requirements. Model the total cost including administration before treating the hosting choice as fixed.