What permissions does GitHub PAT need?

[agardnerIT]

I can't find this info anywhere in the repo.

[adrielp]

@agardnerIT - for PATs, the basic set of permissions needed are:

• repo:All
• read:packages
• read:org
• read:user
• read:enterprise
• read:project
• read:security

The setting varies between classic and fine-grained. The queries under the hood are all read queries, there is no write. They read repos, orgs, branches, commits, metadata, issues, pull requests, and GHAS security events.

I generally recommend using the GitHub App Authentication Extension for authentication instead as GitHub Apps use OAUTH and are more secure, locks down permissions better, and increases rate limits.

We'll take the action item to add documentation to the GitHub Scraper defining the PAT permissions.