
LFX Security


Security scanning branches

By default, LFX Security configures our vendors to scan the “default” branch as specified in the GitHub repository settings. Our vendors can scan other branches, but we have not yet brought that configurability to our portal. LFX Security serves as an “aggregation view” where we pull in security details from multiple sources to provide a “snapshot” or “overview” of sorts. More specifically:

Snyk, which performs our vulnerability scanning, can be configured to scan any branch. If community members want scanning on specific branches (or all branches), we recommend they incorporate Snyk into their normal CI/CD process to identify and “catch” vulnerabilities early in the development lifecycle (e.g. when the pull request is created).
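
The following is an added example, not LFX Security’s or Snyk’s own configuration, of what “incorporating Snyk into the CI/CD process” looks like as a GitHub Actions workflow: it runs a Snyk test on every pull request, so findings surface on the proposed change rather than only on the default branch that the portal reports. The workflow name, the use of the Node.js variant of the Snyk action, and the SNYK_TOKEN repository secret are assumptions; the action and secret would be swapped for the project’s actual ecosystem and credentials.

```yaml
# Added example (hypothetical, not part of LFX Security): scan each pull request
# with Snyk so vulnerabilities are caught before they reach the default branch.
name: snyk-pr-scan                 # assumed workflow name

on:
  pull_request:                    # runs for PRs targeting any branch, not just the default one

jobs:
  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Snyk test against the project manifest
        # Node.js variant of the Snyk action; other language variants exist
        # under snyk/actions and should match the project's ecosystem.
        uses: snyk/actions/node@master
        env:
          # Assumed repository secret holding a Snyk API token; never commit the token itself.
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          # Fail the check only on high/critical findings so low-severity noise
          # does not block every PR; tighten or loosen per project policy.
          args: --severity-threshold=high
```

Because the step fails when findings meet the threshold, the PR check turns red and the reviewer sees the result alongside the change, which is the “catch it early” outcome the recommendation above describes; the portal continues to show the default-branch snapshot independently of this check.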

BluBracket, which performs our code secrets scanning and non-inclusive word/language scanning, has the ability to scan all branches and all history since the beginning of the repository’s life. Soon, they will have an API that will allow us to specify which branch we want to showcase in our portal. Until then, we use their default results. They also provide a scanner for the CI/CD tooling/process, and community members are encouraged to use it as well.
