Branching

Strategies for scanning different branches and managing baseline comparisons.

This section provides best practices for managing branch scanning strategies with Endor Labs.

When integrating Endor Labs into your development workflow, consider the following branching strategies:

Scan your default branch (main/master) to establish a baseline of findings. This baseline is used for PR comparisons to identify new issues introduced by changes.

Use endorctl scan --pr for pull request or merge request scans. This compares findings against the target branch baseline to highlight only new issues.

For release branches, consider running full scans to capture the complete security posture of your release candidates.

  1. Establish baselines first: Always scan your default branch before enabling PR scanning to ensure accurate baseline comparisons.

  2. Regular baseline updates: Update baselines regularly by rescanning the default branch, especially after dependency updates.

  3. Branch-specific policies: Consider using different policies for different branch types (feature, release, hotfix).

  4. CI/CD integration: Integrate scans into your CI/CD pipeline to catch issues before merge.
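The three branch strategies above and the CI/CD best practice can be combined into one dispatch step that decides, from the CI event and branch, whether to run a baseline scan, a PR comparison scan, or a full release scan. The script below is an added example, not Endor Labs' own code or configuration: it assumes GitHub Actions style variables (GITHUB_EVENT_NAME, GITHUB_REF_NAME, GITHUB_BASE_REF), a default branch named main unless DEFAULT_BRANCH is set, release/hotfix branches named release/* and hotfix/*, and uses only the two commands the page names, endorctl scan and endorctl scan --pr. Authentication to Endor Labs is assumed to be configured in the environment already.

```shell
#!/bin/sh
# Added example (not Endor Labs' code): choose the scan type for a CI job.
# Assumptions: GitHub Actions variables, DEFAULT_BRANCH=main, release/* and
# hotfix/* naming. Only `endorctl scan` and `endorctl scan --pr` are used.

DEFAULT_BRANCH="${DEFAULT_BRANCH:-main}"   # assumed: branch that carries the baseline

# has_baseline BRANCH -> success if BRANCH is one we scan in full and therefore
# has a stored baseline a PR scan can be compared against.
has_baseline() {
  case "$1" in
    "$DEFAULT_BRANCH"|release/*|hotfix/*) return 0 ;;
    *) return 1 ;;
  esac
}

# scan_mode_for EVENT BRANCH TARGET_BRANCH
#   pull_request into a baselined branch -> pr       (only new findings)
#   pull_request into an unbaselined one -> full     (no baseline: scan everything)
#   push to the default branch           -> baseline (refresh the baseline)
#   push to release/* or hotfix/*        -> release  (full posture of the candidate)
#   anything else                        -> skip
scan_mode_for() {
  event="$1"; branch="$2"; target="$3"
  case "$event" in
    pull_request|merge_request)
      if has_baseline "$target"; then echo pr; else echo full; fi ;;
    push)
      case "$branch" in
        "$DEFAULT_BRANCH") echo baseline ;;
        release/*|hotfix/*) echo release ;;
        *) echo skip ;;
      esac ;;
    *) echo skip ;;
  esac
}

# scan_command_for EVENT BRANCH TARGET_BRANCH -> the endorctl command to run,
# or an empty string when no scan is configured for this event.
scan_command_for() {
  case "$(scan_mode_for "$@")" in
    pr)                    echo "endorctl scan --pr" ;;
    baseline|release|full) echo "endorctl scan" ;;
    *)                     echo "" ;;
  esac
}

# run_branch_scan: the CI step body. Reads the CI variables and executes the
# selected command; exits 0 without scanning when nothing is configured.
run_branch_scan() {
  cmd="$(scan_command_for "${GITHUB_EVENT_NAME:-}" "${GITHUB_REF_NAME:-}" "${GITHUB_BASE_REF:-}")"
  if [ -z "$cmd" ]; then
    echo "no scan configured for event=${GITHUB_EVENT_NAME:-} branch=${GITHUB_REF_NAME:-}" >&2
    return 0
  fi
  echo "running: $cmd (mode: $(scan_mode_for "${GITHUB_EVENT_NAME:-}" "${GITHUB_REF_NAME:-}" "${GITHUB_BASE_REF:-}"))" >&2
  $cmd   # unquoted on purpose: the command string has no arguments containing spaces
}
```

Call run_branch_scan from the CI step after endorctl is installed and authenticated. The "full" fallback matters for the first best practice: a PR whose target branch has never been scanned has no baseline to compare against, so running `--pr` there would not reflect the real set of findings; a full scan is the honest result until the target branch gets its baseline.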

For more information on scanning strategies, see the scanning strategies documentation.