Scan Types
Pull Request Scans (PR Scans)
PR scans are designed to answer: “Is this change safe to merge?”
Typical Characteristics:
- Runs on every PR automatically (and again on updates)
- Focuses heavily on diff-aware findings where possible
- Prioritizes actionable issues to reduce noise
- Supports AI AutoFix suggestions (when safe/applicable)
Branch Scans
Branch scans are designed to answer: “What is the security posture of this branch today?”
Typical Characteristics:
- Runs on every push automatically
- Produces a consistent posture baseline for the branch
- Generates branch-level outputs like SBOM
- Powers trend and history views by distinguishing new issues from existing ones
You can also trigger a scan manually from the UI (useful for validations, release readiness, or reruns after policy changes).
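The two scan types differ mainly in what they compare against. The following is an added illustration, not code from the product documented on this page, of the "diff-aware" and "new vs existing" ideas above: findings from a branch-scan baseline are matched against findings from the PR head using a content fingerprint (rule, file and normalized source line, so an issue that merely shifted line numbers is still recognized as existing), and only new findings on lines the PR actually touched are reported as actionable. The rule ids, file paths, snippets and changed-line sets are constructed sample data, and the `Finding` structure and function names are assumptions for this example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Finding:
    rule_id: str   # scanner rule that fired (constructed ids in the sample data below)
    path: str      # file in the repository
    line: int      # line number in that revision of the file
    snippet: str   # the source line the rule fired on


def fingerprint(f: Finding) -> str:
    """Stable identity for a finding that survives line-number shifts.

    Line numbers move whenever code is inserted above a finding, so the hash is
    built from the rule, the path and the whitespace-normalized snippet instead.
    """
    norm = " ".join(f.snippet.split())
    raw = f"{f.rule_id}|{f.path}|{norm}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


def triage(baseline: List[Finding], head: List[Finding],
           changed_lines: Dict[str, Set[int]]) -> Dict[str, List[Finding]]:
    """Classify PR-head findings against the branch baseline.

    new       : fingerprint seen on the head but not in the baseline
    existing  : fingerprint present in both (already on the branch)
    fixed     : fingerprint in the baseline that the head no longer has
    actionable: new findings whose line is one the PR added or modified
    """
    base_by_fp = {fingerprint(f): f for f in baseline}
    head_by_fp = {fingerprint(f): f for f in head}
    new = [f for fp, f in head_by_fp.items() if fp not in base_by_fp]
    existing = [f for fp, f in head_by_fp.items() if fp in base_by_fp]
    fixed = [f for fp, f in base_by_fp.items() if fp not in head_by_fp]
    actionable = [f for f in new if f.line in changed_lines.get(f.path, set())]
    return {"new": new, "existing": existing, "fixed": fixed, "actionable": actionable}


# --- constructed sample data (not real scan output) ---
BASELINE = [  # branch scan of the target branch before the PR
    Finding("sql-string-concat", "app/db.py", 40,
            'cursor.execute("SELECT * FROM users WHERE id = " + uid)'),
    Finding("hardcoded-secret", "config.py", 3, 'API_TOKEN = "placeholder-token"'),
]
HEAD = [  # scan of the PR head: two lines were inserted at the top of app/db.py,
          # the secret was removed, and a new call was added in app/api.py
    Finding("sql-string-concat", "app/db.py", 42,
            'cursor.execute("SELECT * FROM users WHERE id = " + uid)'),
    Finding("subprocess-shell-true", "app/api.py", 17,
            "subprocess.call(cmd, shell=True)"),
]
# lines the PR added or modified, per file (what a diff-aware scan keys on)
CHANGED_LINES = {"app/db.py": {1, 2}, "app/api.py": {15, 16, 17, 18}}


def pr_triage() -> Dict[str, List[Finding]]:
    """PR-scan view: what changed relative to the branch baseline."""
    return triage(BASELINE, HEAD, CHANGED_LINES)


def posture_summary(findings: List[Finding]) -> Dict[str, int]:
    """Branch-scan view: open findings counted per rule for the whole branch."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule_id] = counts.get(f.rule_id, 0) + 1
    return counts


if __name__ == "__main__":
    for bucket, items in pr_triage().items():
        print(bucket, [(f.rule_id, f.path, f.line) for f in items])
    print("branch posture", posture_summary(HEAD))
```

With this data the moved SQL finding is classified as existing rather than new, the removed secret shows up as fixed, and only the new `shell=True` call lands in the actionable bucket, because it sits on a line the PR touched. Fingerprinting on content rather than line number is what keeps the "new vs existing" history stable across pushes; a real scanner would also need to handle renamed files and duplicate snippets within one file.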