I've been running the same scan since mid 2017 and it has netted me a substantial amount of bounties. There's 100s of people that run internet wide scans of exposed git. And of course I also report to companies that don't have bounties (anonymously). I actually found a different eBay domain with the same issue and they added me to their security hall of fame.

The main problem is that new developers come and go, so does the exposed gits.