Dear GitLab team,
our users need to authorize our gitlab scopes to retrieve metadata on a given repository but not the source code itself. It comes without saying that source code is much more sensitive data then branch names, repo names etc. Right now the ‘api’ scope gives us access to everything which we do not need and our users are unhappy to give away.
Would it be possible to have more granular scopes, as in separate sensitive source code access as an individual scope?