There are a couple ways to go about this.
First, if you use SAML, you may be able to check your identity provider logs to see who hasn’t authenticated to GitHub in the period of time you feel is relevant. This will best include folks who need to see your code but don’t necessarily do anything with it.
You can also use the following tool to generate a list but has a very specific “activity” definition:
Members are defined as inactive if they have not performed any of the following actions in any repository in the specified ORGANIZATION since the specified DATE:
- Merged or pushed commits into the default branch
- Opened an Issue or Pull Request
- Commented on an Issue or Pull Request