Branch Comparison

Compare security findings between two branches to see what is new, what is fixed, and what is common.

How to Compare

  1. Navigate to SCA > Branch Compare.
  2. Select your repository from the dropdown.
  3. Enter the base branch (e.g., main) and compare branch (e.g., dev).
  4. Click Compare.

CodeStax compares the latest scan results from each branch and groups the findings into three categories.

What You See

New Issues

Vulnerabilities found in the compare branch but not in the base branch. These are highlighted in red and represent newly introduced risk. If you are considering merging the compare branch, these are the findings that need attention.

Fixed Issues

Vulnerabilities present in the base branch that are no longer found in the compare branch. These are highlighted in green and represent security improvements.

Common Issues

Vulnerabilities that exist in both branches. These are shared findings that persist regardless of which branch you are on.

Severity Breakdown

Each category (new, fixed, common) shows a severity breakdown across Critical, High, Medium, and Low levels. This lets you quickly assess the security impact of merging without reviewing every individual finding.
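
The grouping and severity breakdown described above, sketched as an added Python example that is not CodeStax code. The finding fields, the (id, package) matching key, the constructed sample data and the `blocks_merge` gate are all assumptions made for illustration.

```python
from collections import Counter

SEVERITIES = ("Critical", "High", "Medium", "Low")

# Constructed sample findings; the field names are assumptions for this
# example, not CodeStax's export schema.
BASE = [
    {"id": "ADV-0001", "package": "libfoo", "severity": "High"},
    {"id": "ADV-0002", "package": "libbar", "severity": "Medium"},
    {"id": "ADV-0003", "package": "libbaz", "severity": "Low"},
]
COMPARE = [
    {"id": "ADV-0002", "package": "libbar", "severity": "Medium"},
    {"id": "ADV-0003", "package": "libbaz", "severity": "Low"},
    {"id": "ADV-0004", "package": "libqux", "severity": "Critical"},
    {"id": "ADV-0004", "package": "libqux", "severity": "Critical"},  # duplicate row
]

def key(finding):
    # Assumed identity of a finding: advisory id plus affected package.
    return (finding["id"], finding["package"])

def index(findings):
    # Collapse duplicate rows so each finding is counted once.
    return {key(f): f for f in findings}

def breakdown(findings):
    counts = Counter(f["severity"] for f in findings)
    return {s: counts.get(s, 0) for s in SEVERITIES}

def compare_branches(base, compare):
    b, c = index(base), index(compare)
    groups = {
        "new": [c[k] for k in sorted(c.keys() - b.keys())],
        "fixed": [b[k] for k in sorted(b.keys() - c.keys())],
        "common": [c[k] for k in sorted(c.keys() & b.keys())],
    }
    return {name: {"findings": items, "severity": breakdown(items)}
            for name, items in groups.items()}

def blocks_merge(result, gate=("Critical", "High")):
    # Hypothetical pre-merge gate: any new finding at a gated severity blocks.
    return any(result["new"]["severity"][s] for s in gate)

if __name__ == "__main__":
    result = compare_branches(BASE, COMPARE)
    for name, group in result.items():
        print(name, group["severity"])
    print("block merge:", blocks_merge(result))
```

The duplicate row in the compare data shows why findings are indexed by key before diffing: without that step the new-issue count would be inflated.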

Use Cases

  • Pre-merge review — Check what a feature branch introduces or fixes before merging to main.
  • Environment comparison — Compare development vs production security posture.
  • Release tracking — See what a release branch fixed versus what it introduced.
  • Regression detection — Verify that a hotfix branch did not reintroduce previously resolved vulnerabilities.

Requirements

Both branches must have at least one completed scan for comparison to work. If a branch has no scan data, CodeStax prompts you to trigger a scan first.