Mend Developer Platform Advanced Configurations
Scanning Additional Branches
Depending on your development flow, scanning more than just the default branch may be needed to capture the full risk posture of a specific application. Mend.io can scan additional branches in the repository by setting Base Branches or Release Branches. For most use cases, it is recommended to use Release Branches.
Base Branches and Release Branches can be configured either globally or locally under the "general" section of configuration settings. If your development teams have a standard set of branches to scan, setting base branches globally is preferred; otherwise, they should be set on an individual repo basis. If a branch matches both Release Branch and Base Branch parameters, it will be scanned as a base branch.
Release Branches
When Release Branches are configured, Mend will upload the results of release branches to the Mend UI, but it will not create issues or pull requests on those branches. This can be useful for tracking specific releases of the application for compliance without creating additional noise within the repository.
Pros | Cons |
---|---|
Release tracking in the UI | No information about release located in Repo |
Regex matching to match versioning structure of teams | |
Separate configuration to allow for stricter requirements | |

Base Branches
Scanning multiple base branches is supported for SAST scans.
Base Branches are treated the same way as the default branch in the repository. In addition to the results being uploaded to the UI, issues will be created for vulnerabilities found on the branches, and Renovate pull requests will be created to update the libraries on these branches. This can be useful if multiple releases are maintained in parallel.
Pros | Cons |
---|---|
Information in the Repo and UI | Noisy |
| | Exact matches only |
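
The following dry run applies the rules described above (exact-name base branches, regex release branches, base wins when both match) to a branch list, so you can see which branches would receive issues and Renovate pull requests before rolling out a global setting. It is an added example, not Mend's code or configuration syntax: the function names, sample branches and patterns are constructed, and whole-name regex matching is an assumption.

```python
import re

# What each kind of branch gets, as described in the two sections above.
TREATMENT = {
    "base":    {"ui_results": True, "issues": True,  "renovate_prs": True},
    "release": {"ui_results": True, "issues": False, "renovate_prs": False},
}

def matches_release(branch, release_patterns):
    # Assumption: a pattern must match the whole branch name.
    return any(re.fullmatch(p, branch) for p in release_patterns)

def classify_branch(branch, base_branches, release_patterns, default_branch):
    # Base branches are exact names and win when both settings match.
    if branch == default_branch or branch in base_branches:
        return "base"
    if matches_release(branch, release_patterns):
        return "release"
    return "other"  # not covered by either setting

def preview(branches, base_branches, release_patterns, default_branch="main"):
    """Map each branch name to (kind, treatment or None, overlap flag)."""
    plan = {}
    for b in branches:
        kind = classify_branch(b, base_branches, release_patterns, default_branch)
        # Overlap: listed as a base branch and also matched by a release pattern.
        overlap = b in base_branches and matches_release(b, release_patterns)
        plan[b] = (kind, TREATMENT.get(kind), overlap)
    return plan

# Constructed sample data (hypothetical repository and settings).
BRANCHES = ["main", "release/1.4", "release/2.0",
            "release/2.0-hotfix", "feature/login"]
BASE = ["release/2.0"]              # exact names only
RELEASE = [r"release/\d+\.\d+"]     # regex patterns

if __name__ == "__main__":
    for name, (kind, treatment, overlap) in preview(BRANCHES, BASE, RELEASE).items():
        note = "  <- matches both settings, scanned as base" if overlap else ""
        print(f"{name:22} {kind:8} {treatment}{note}")
```

Branches flagged as overlapping are the ones where a release pattern was probably meant to keep the repository quiet, yet issues and pull requests will still be created because the base branch setting takes precedence.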
