Skip to main content
Skip table of contents

Mend Developer Platform Advanced Configurations

Scanning Additional Branches

Depending on your development flow, scanning more than just the default branch may be needed to capture the full risk posture of a specific application. Mend.io can scan additional branches in the repository by setting Base Branches or Release Branches. For most use cases, It is recommended to use Release Branches.

Base Branches and Release Branches can be configured either globally or locally under the "general" section of configuration settings. If your development teams have a standard set of branches to scan, setting base branches globally is preferred, otherwise they should be set on an individual repo basis. If a branch matches both Release Branch and Base Branch parameters, it will be scanned as a base branch.

Release Branches

When Release Branches are configured, Mend will upload the results of release branches to the Mend UI but it will not create issues or pull requests to those branches. This can be useful for tracking specific releases of the application for compliance without creating additional noise within the repository.

Pros

Cons

Release tracking in the UI

No information about release located in Repo

Regex matching to match versioning structure of teams

Separate configuration to allow for stricter requirements

image-20250723-205035.png

Base Branches

Scanning multiple base branches is supported for SAST scans. To learn more, click here.

Base Branches are treated the same way of the default branch in the Repository. In addition to the results being uploaded the UI, Issues will be created for vulnerabilities found on the branches, and Renovate Pull Requests will be created to updates the libraries on these branches. This can be useful if multiple releases are maintained in parallel.

Pros

Cons

Information in the Repo and UI

Noisy

Exact matches only

image-20240725-161951.png
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.