Environment field

The Environment field (optional) under scanparams works both on the UI and KDT as an optional field.
The values of this field can be one of; Development, Staging, Production, Feature or None.

Vulnerabilities belonging to Feature environment are deleted automatically in the frequency set by the user under the Feature Branch Mgmt. setting under global settings which can be overriden under project settings. Kondukto checks for the last scan date of the relevant branch (regardless of the scanner) to decide if the vulnerabilities should be deleted or retained.

Project Level Feature Branch Mgmt.

Global Feature Branch Mgmt.

The source branch which is used to compare vulnerabilities discovered in feature branches to those discovered in this source branch, can be defined on a global level or can be overriden on the project level from the same settings shown in the screenshots above.

Fork scan is enabled by default for scans where Feature is selected as an environment. Since fork scans require a source branch, if there is no source branch defined on a global or project level, then a warning pops up on the UI saying that "Fork source branch is mandatory for feature environments when fork source branch toggle is on. Click here to define the fork source branch for this project."

In KDT, just like on the UI, the env parameter is optional and can be used with the "--env" parameter.

A fork scan can be enabled on KDT by passing the "-M" or "--fork-source" parameters to capture the source branch. If the same branch needs to be saved as the defined source branch of the project, "--override-fork-source" parameter can be used.

When fork source branch is enabled, vulnerabilities discovered in feature branches that are the same as the ones in the source branch are marked as Recurrent instead of New.

In the project and product dashboards, when "All" branches are selected, there is an Environment Breakdown chart that shows the distribution of vulnerabilities across different environments.