
In their communication about the April 2022 breach (summary here), Heroku mentioned that organizations with the Heroku GitHub integration got their source code potentially accessed by the attacker. Indeed, the attacker had acquired OAuth tokens, which gave them access to the GitHub repositories.

I don't have the Heroku GitHub integration; I use Heroku the traditional way: git push heroku master. My source code isn't on GitHub.

However, it was later found during the investigation that the attacker got access to an internal Heroku machine and an internal database.

I thus wonder whether the git repositories such as mine, pushed to Heroku's git server, were accessible by the attacker.

Would anybody with insights into Heroku's infrastructure know whether that is the case or not?

0 Answers