".git" is only one of many checks performed by Nikto (an open source security scanner - https://cirt.net/Nikto2), but there are other checks and many other scanners.
Is this just hosted nikto2? It sounds very cool. Do you distribute against different cloud systems? I know you're a pro from the site address but I'd be worried about quick blacklisting; I'm sure you're effective.
Not only nikto2, but other scanners (https://gauntlet.io/en/product/supported-scanners/) as well. It comes with open source installed, but integrate with commercial too. Currently each scan triggers a new virtual machine - thus a new IP Address and all applications need to be verified prior to execute a scan (e.g., Google Analytics require metatag, file upload or dns record).
shameless plug: I've developed a service that you run to check against vulnerabilities in your apps/servers and it has a free plan (https://my.gauntlet.io/registration.html) in case you're interested (https://gauntlet.io).