Overview
The Automated remediation pull request feature automatically creates pull requests (PRs) to update dependencies to versions without policy violations when the default branch is scanned.
More details about this feature and how "Automated pull requests" work can be found in this article.
There may be a requirement to trigger automated pull requests on a branch other than the one already configured. In that case, follow the steps below.
Steps:
Change the default branch as needed (for example, dev), then update and "Test Configuration".
With this change, whenever the scan of your SCM repository's branch (dev) finds a component with a policy violation that hasn't already been identified, and a newer version without the violation is available, Lifecycle will try to update the component to that newer version.
NOTE: Automated PRs are only created for new violations (irrespective of branch). Thus, if the "dev" branch was already scanned (before changing the default branch setting), then rescanning will not introduce any new vulnerabilities and no Auto PR is created.
Auto PRs are only created for components that have known fixed versions.