**In Scope:** * Support reachability metadata on tracked branches, presenting the data in the vulnerability report, vulnerability details, and pipeline security tab for SCA vulnerabilities on non default branches. * Support autoremediation policies for vulnerabilities on non default branches. * Support auto dismiss policies for vulnerabilities on non default branches. * For all policies, include any relevant policy affecting the vulnerability in vulnerability details on vulnerabilities on non default branches. * Support FP analysis on tracked branches, presenting the data in the vulnerability report and vulnerability details page and pipeline security tab for SAST and Secrets on non default branches * Support 'SDLC agent' context collection on non default branch vulnerabilities * Support SAST and SCA VR executions on vulnerabilities found on tracked non default branches. **Out of Scope:** * Support for these behaviors on untracked developer branches in the merge request (see [**Security Data in Merge Request Iteration 5: FP Detection & VR Support**](https://gitlab.com/groups/gitlab-org/-/work_items/21634#top)**)** **Designs:** _TBD_ **Dependencies:** _TBD_