This is just a quick diary entry to report that I saw requests on my honeypot for (code) repositories:
/.git/logs/refs/remotes/origin/main
/.git/objects/info
/.github
/.github/dependabot.yml
/.github/funding.yml
/.github/ISSUE_TEMPLATE
/.gitlab/issue_templates
/.gitlab-ci
/.git-secret
/.svnignore
/aws/bucket
/s3/backup
/s3/bucket
/s3/credentials
So watch out what you publish online when you deploy a repository to your web site.
Didier Stevens
Senior handler
blog.DidierStevens.com
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.