[Aeolun]

Depends, if someone suddenly starts pulling down every single repository in the org, that should ring some bells.

[grogenaut]

Meh... I do this every 6-8 months as a principal engineer. I've had many legit use cases.: Understanding our overall dependency tree, validating code coverage assumptions, seeing which projects built still, testing out prototype profiler reports, inspecting the code to see how hard adding x pattern would be, quantifying code change patterns over the pandemic, seeing which uses of the AWS sdk or internal clients were instrumented with metrics, seeing what pct would build under make/go build/bazel/etc.

Anyway many legit reasons. Should it set off an alarm? Probably. Can you say before you do it? For sure!

[trallnag]

Depends on the number of repositories I would assume. There are orgs with thousands of them.

[grogenaut]

Last I downloaded it was around 3600 of them.