Mend Developer Platform Advanced Configurations
Scanning Additional Branches
Depending on your development flow, scanning more than just the default branch may be needed to capture the full risk posture of a specific application. Mend can scan additional branches in the repository by setting base branches.
Base Branches
A current limitation of SAST is that it will only scan 1 base branch. Please ensure the branch you wish to scan with SAST is set as the first base branch.
Base branches are treated the same way as the default branch in the repository. In addition to the results being uploaded to the UI, Issues will be created for vulnerabilities found on the branches, and Renovate Pull Requests will be created to update the libraries on these branches. This can be useful if multiple releases are maintained in parallel.
Base branches can be configured either globally or locally under the "general" section of configuration settings. If your development teams have a standard set of branches to scan, setting base branches globally is preferred; otherwise, they should be set on an individual repo basis. Branch names are case sensitive, and only exact matches are supported.