In the company I work for some developers are unhappy with how many permissions they need to give to sonarcloud when logging in with GitHub, it requires the following permissions to be granted:
- Verify your github identity
- Know which resources you can access
- Act on your behalf
- Read email addresses (the only one which should be really required IMO)
These permissions are not needed when logging in with e.g. GitLab, but GitHub requires it. Why is that? Is there any benefit for that?