There is a lot more nuance than that, and the danger is more about well placed nationals who can be recruited than government trained spies.
This is what risk assesnments are for. The consequence of every piece of gitlab hosted code, much of it which runs on publically visible servers, falling into adveserial hands is catastrophic. A government may well make an offer too good to refuse.
On the otherhand, there are pleanty of other software jobs out there which pose minimal risk, and many companies demonstrably are more than willing to hire Russians or outsource to Russia.
This is what risk assesnments are for. The consequence of every piece of gitlab hosted code, much of it which runs on publically visible servers, falling into adveserial hands is catastrophic. A government may well make an offer too good to refuse.
On the otherhand, there are pleanty of other software jobs out there which pose minimal risk, and many companies demonstrably are more than willing to hire Russians or outsource to Russia.