Design: Track vulnerabilities in locations other than the default branch
What’s this issue all about?
Users want to track vulnerabilities on branches other than the default one. Currently they can neither do this from the Vulnerability Report nor see statistics about vulnerabilities on other branches in the Security Dashboard.
Who is the target user of the feature?
Primarily: Security engineers
Secondarily: developers responsible for application security (because they shift left, and/or because their organization is small enough that it has no dedicated AppSec team)
JTBD
- When I am getting ready for a release, I want to check the staging branch to make sure I am not introducing any new vulnerabilities when I merge to production.
- When I want to show leadership the progress the security team has made, I want to show my executive team that there were many vulnerabilities on the development branch, but that the total number of criticals and highs had gone down by the time we deployed to the production branch.
What hypotheses and/or assumptions do you have?
An MVC (minimal viable change) that lets users filter by one branch at a time will be sufficient. Post-MVC, we can explore comparing branches or viewing multiple branches at once.