Merge pull request #367 from hlxsites/non-default-br-scan
Non default br scan
JBakstPaloAlto authored Feb 1, 2024
2 parents 2b74779 + 11bfa43 commit 2170e4e
Showing 8 changed files with 38 additions and 26 deletions.
@@ -103,6 +103,8 @@ topics:
file: connect-vscode.adoc
- name: Jetbrains
file: connect-jetbrains.adoc
- name: Non-Default Branch Scan
file: non-default-branch-scan.adoc
- name: Manage Transporter (Network Tunnels)
dir: manage-network-tunnel
topics:
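Review bot: the new `file: non-default-branch-scan.adoc` entry sits in the same `topics:` list as `connect-vscode.adoc` and `connect-jetbrains.adoc`, which the rest of this PR places under the connect-code-and-build-providers section (the get-started table links that section as `xref:connect-code-and-build-providers/connect-code-build-providers.adoc[...]`), while the page itself is referenced directly under get-started (`xref:non-default-branch-scan.adoc[...]` from the get-started table, `xref:../../get-started/non-default-branch-scan.adoc[...]` from the monitoring page). If this topics list inherits a `dir:` for the connect section, the nav link will not resolve; either move the entry up one level in the nav or confirm that the `file:` path is resolved from the book root.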
@@ -20,6 +20,9 @@ This section provides you with step-by-step instructions and best practices to h
|Connect your *Code and Build Providers* including VCS, CI/CD Runs and systems, artifactory and IDEs
|xref:connect-code-and-build-providers/connect-code-build-providers.adoc[Code and Build Providers]

|Scan non-default branches
|xref:non-default-branch-scan.adoc[Non-default branch scans]

|Gain *visibility* into your engineering technical stack
|xref:../visibility/repositories.adoc[Repositories]

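Review bot: link text is inconsistent with the target page. The new row reads `Non-default branch scans` while the page title introduced in this PR is `== Non-Default Branch Scan` and the other new table row uses `Non-Default Branch Scan`; pick one form (singular Title Case matches the heading) so the table and the target page agree.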
@@ -1,39 +1,44 @@
////
== Non-Default Branch Scans
:topic_type: task

You can scan branches other than the main or master, such as a feature branch or sprint branch, to obtain a comprehensive overview of the security issues in those branches before merging them into the main branch. This practice ensures that these branches are secure before being deployed to production.
[.task]

=== Support for Non-Default Branch Scans
== Non-Default Branch Scan

* *Supported version control systems* (VCS): GitHub, GitLab
* *Enforcement rules*: These rules remain unimpacted, as they are enforced at the repository level, regardless of the branches scanned
* *Tagging rules*: These rules are applicable exclusively to the main branch
* *Excluding paths*: Path exclusions are implemented at the repository level, and therefore are not impacted
* *Drift detection*: Drift detection is executed on the branch being scanned and is displayed in the results for each selected branch
* *Dashboard*: Shows the results of the scanned non-default branch
You can scan branches other than the main or master, such as a feature branch or sprint branch, to obtain a comprehensive overview of the security issues in those branches before merging them into the main branch.

[.task]
=== Support for Non-Default Branch Scans

=== Setup Non-Default Branch Scans
* All version control systems (VCS) are supported
* Enforcement rules remain unimpacted, as they are enforced at the repository level, regardless of the branches scanned
* Tagging rules are applicable exclusively to the main branch
* Path exclusions are implemented at the repository level, and therefore are not impacted
* Drift detection is executed on the branch being scanned and is displayed in the results for each selected branch
* The Dashboard displays the results of the scanned non-default branch

=== Configure Non-Default Branch Scans

[.procedure]

. Before you begin, make sure that you have Administrator or Owner permissions to the repository.
. On the Prisma Cloud console, select *Application Security* > *Home* > *Settings* > Click on the *Code & Repositories* tab.
. Before you begin, ensure that you have *Administrator* or *Owner* permissions to the repository.
. On the Prisma Cloud console, select *Application Security* > *Home* > *Settings* > click on the *Code & Repositories* tab.
+
An inventory of *Repositories* is displayed.

. Select the menu under the *Actions* column of a repository where you want to scan a non-default branch > *Set scanned branch*.
. Select the menu under the *Actions* column of a repository in which you want to scan a non-default branch > *Set scanned branch*.
+
*Limitation*: Branch selection or switching branches is unavailable until either the initial integration process is completed or an integration update has been completed.
+
image::application-security/non-default-branch-menu1.1.png[]
image::application-security/non-default-branch-set-scanbranch1.1.png[]

. In the modal that opens, select a branch from the menu > *Save* > *Approve*.
+
image::application-security/non-default-branch-select.png[]
image::application-security/non-default-branch-select1.1.png[]
+
A scan on the non-default branch is immediately triggered after switching branches. Under the *Code & Build Providers* tab you can see the name of non-default branch of the repository displayed under the *Scanned Branch* column, while the *last scan date* column indicates the latest scan date of the selected branch.

=== Usage

Usage of a non-default branch is similar to that of a default branch. The following provides a reference to get you up and running.
Usage of a non-default branch is similar to that of a default branch. The following provides a quick reference to get you up and running.

* *Monitor code build issues*: Prisma Cloud performs periodic scans on non-default branches of integrated repositories of Version Control Systems (VCS) and event driven scans for CI/CD pipelines. For more on monitoring scan results see xref:../risk-management/monitor-and-manage-code-build/monitor-code-build-issues.adoc [Monitor Code Build Issues].
+
@@ -47,7 +52,6 @@ NOTE: When fixing an issue that has been opened on a non-default branch scan, th

[NOTE]
====
* When suppressing an issue by policy or account, all issues are suppressed regardless of the selected branch.
* When suppressing an issue in a PR scan, the suppression will apply to the branch that the PR is about to be merged into. For example, if the periodic scan is on a non default branch, but the PR is to the default branch, then the suppression will not be applied in the periodic scans of the non-default branch.
* When suppressing an issue by policy or account, all issues are suppressed regardless of the selected branch
* When suppressing an issue in a Pull Request (PR) scan, the suppression will apply to the branch that the PR is about to be merged into. For example, if the periodic scan is on a non default branch, but the PR is to the default branch, then the suppression will not be applied in the periodic scans of the non-default branch.
====
////
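Review bot: the support statement is broadened from `Supported version control systems (VCS): GitHub, GitLab` to `All version control systems (VCS) are supported`, and nothing else in the change explains the expansion. Readers will use this line to decide whether feature branches on other providers are actually being scanned before merge, so please confirm the claim with the product owner or keep the explicit provider list. Smaller points in the same hunk: the xref `xref:../risk-management/monitor-and-manage-code-build/monitor-code-build-issues.adoc [Monitor Code Build Issues]` has a space before the bracket, which stops AsciiDoc from rendering it as a link; the first NOTE bullet drops its trailing period while the second keeps it; the second bullet mixes `non default branch` and `non-default branch`; and the new page title is singular (`Non-Default Branch Scan`) while the subsections remain `Support for Non-Default Branch Scans` and `Configure Non-Default Branch Scans`.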
@@ -8,10 +8,9 @@ Before you begin, ensure you have connected xref:../../get-started/connect-code-
|===
|*What do you want to do?*
|*Start here*

// |Scan non-default branches
// |xref:../get-started/non-default-branch-scan.adoc[Non-Default Branch Scans]

|Scan non-default branches
|xref:../../get-started/non-default-branch-scan.adoc[Non-Default Branch Scan]

|*Monitor Code Build Issues*

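Review bot: the path depth change from the commented-out `../get-started/non-default-branch-scan.adoc` to `../../get-started/non-default-branch-scan.adoc` is correct for this file: the unchanged intro in the hunk header already reaches the same directory with `xref:../../get-started/connect-code-...`. The remaining nit is the link text, `Non-Default Branch Scan` here versus `Non-default branch scans` in the get-started table added by this PR; align the two.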
@@ -1,10 +1,12 @@
== Monitor Code Build Issues

Prisma Cloud performs periodic scans on each integrated repository of the Version Control Systems (VCS) and event driven scans for CI/CD pipelines to find infrastructure misconfigurations, open source vulnerabilities, license compliance violations, and exposed secrets. After successful integrations there are three types of scans that run on the console.
Prisma Cloud performs periodic scans on each integrated repository of the Version Control Systems (VCS) and event driven scans for CI/CD pipelines to find infrastructure misconfigurations, open source vulnerabilities, license compliance violations, CI/CD risks and exposed secrets.

The console initiates four types of scans.

* *VCS default branch scans*: Periodic scans performed on all main branches across repositories. During integration if you have not specified the branches for scan in your repository, Prisma Cloud by default considers the master branch.
// * *VCS non-default branch scans*: Periodic scans performed on selected non-default branches across repositories.
* *VCS non-default branch scans*: Periodic scans performed across repositories on branches other than the default branch, as selected by the user.
* *VCS Pull Requests*: Event driven scans using Enforcement parameters are run on branches with open Pull Requests (PR) from your integrated repositories. The scan results are determined by the default *Enforcement* thresholds or otherwise configured by you.
* *CLI and CI/CD runs*: Event driven scans performed on runs as configured by using the Enforcement parameters.
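Review bot: the count in `The console initiates four types of scans.` matches the four bullets once the non-default branch bullet is uncommented, so that part is fine. Terminology is not: the new bullet says `branches other than the default branch` while the first bullet still says `Periodic scans performed on all main branches` and names `master` as the fallback; using `default branch` consistently (as the bullet titles already do) avoids implying a main/master distinction. The rewritten first sentence also keeps `event driven`; as a compound modifier it should be `event-driven`.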
2 changes: 2 additions & 0 deletions docs/en/enterprise-edition/content-collections/book.yml
@@ -1307,6 +1307,8 @@ topics:
file: connect-vscode.adoc
- name: Jetbrains
file: connect-jetbrains.adoc
- name: Non-Default Branch Scan
file: non-default-branch-scan.adoc
- name: Manage Transporter (Network Tunnels)
dir: manage-network-tunnel
topics:
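Review bot: this is the same nav entry as the earlier book.yml hunk, added to `docs/en/enterprise-edition/content-collections/book.yml` at the same position under the IDE entries, so the same question applies: whether `file: non-default-branch-scan.adoc` resolves relative to this topics list's `dir:` or from the book root. Since the two book files carry identical blocks, adjust both together if the path needs to change.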