Vanta has multiple GitHub tests that check certain settings on branches for repositories being scanned. Vanta will currently only check one branch, and the branch being used for tests may differ depending on the additional setup that was completed when integrating GitHub.
To determine which branch Vanta is looking at for a test, you will want to check if you've set the "vanta_production_branch_name" custom property at the organization level. This was optional when setting up the integration initially:
If this is not set, by default, Vanta will look at the default branch for the repository.
To check this in GitHub, follow these steps
Navigate to the settings page for your organization
Select the Custom properties option under the Repository category:
If a custom property is set, Vanta will only look at that branch for the test. While a default value is set at creation of this property, you can update the property per repository by selecting Set Values in GitHub. If you would rather have Vanta look at the default branch for all repositories, you can delete the Custom property entirely, and Vanta will look at the default branch.
You can also see which branches Vanta is looking at by exporting test data for the test by selecting More>Export Test Data on the top right of the test page in Vanta:
If a productionBranch is listed for the repository, Vanta is only looking at this branch for the test. Removing the custom property in GitHub will allow the test to only look at the defaultBranch value.