The scan user needs Write permission on a repository:

• to be able to update the commit status via GitHub Branch Source (see GitHubBuildStatusNotification)
• to check whether a PR/Branch is trusted (see GitHubSCMSource)

Grant a single user with Write permissions to all organization repositories is a security concern. Git writes and status updates could instead be handle inside the Pipeline/Jenkinsfile.

This request is about a configurable solution so that a scan user don’t need Read permissions to scan PR/Branches.