Comment by technion
15 hours ago
The problem with all these permissions ideas: VSCode in most cases is expected to be able to push to a git repo. Many developers these days use it over the CLI for pushes and pulls.
So if it has a "minimal" set of access, it has access to a Github key. That's enough.. to do this sort of damage.
Indeed, we must ensure to scope our GH keys per repo then.