What branch does Vanta look at for GitHub tests?

  • Updated

Vanta has multiple GitHub tests which check certain settings on branches for repositories that are being scanned. Vanta will currently only check one branch, and the branch that is being used for tests may differ depending on additional set up that was completed when integrating GitHub.

To determine which branch Vanta is looking at for a test, you will want to check if you've set the "vanta_production_branch_name" custom property at the organization level. This was optional when setting up the integration initially:

SetupProductionBranch.png

If this was not set, by default Vanta will look at the default branch for the repository.

To check this in GitHub, follow these steps

1. Navigate to the settings page for your organization

2. Select the Custom properties option under the Repository category:

VantaProdBranchGithub.png

If a custom property is set, Vanta will be exclusively looking at that branch for the test. While there is a default value that is set at creation of this property, you can update the property per repository by selecting Set Values in GitHub. If you would rather have Vanta look at the default branch for all repositories, you can delete the Custom property entirely and Vanta will look at the default branch.

You can also see which branches Vanta is looking at by exporting test data for the test by selecting More>Export Test Data on the top right of the test page in Vanta:

AppChangesTestData.png

If a productionBranch is listed for the repository, Vanta is only looking at this branch for the test. Removing the custom property in GitHub will allow the test to only look at the defaultBranch value