Branching Best Practices with Mayhem
A question many of our customers encounter early on when using Mayhem is how to account for branches.
While there’s no “one size fits all” approach, there are a few best practices the ForAllSecure team recommends to ensure that you’re not duplicating efforts, slowing down deployment with testing, or leaving parts of your application unprotected.
Let Mayhem Automatically Manage Test Creation
When incorporating a feature branch into main, you might be changing application functionality significantly or just making a minor tweak. Part of the challenge of testing at this stage is knowing how to test the code from both branches once it's integrated.
Many teams build additional unit tests at this stage or wait until this point to run behavioral tests. Either way, there’s an increased burden on developers with every merge. Because Mayhem generates and performs thousands of tests with each run, taking on that extra work at every merge doesn’t make sense. Mayhem tests your application as a whole—first-party and third-party code alike.
If you test on a branch and then merge it into main, Mayhem will automatically create new test cases that are more appropriate for the updated application and prune test cases that are redundant or no longer necessary. Mayhem’s algorithms are tuned to always increase coverage so you’re not at risk of losing protection when merging. Keep an eye on Mayhem’s coverage reports to see this in action.
Take Advantage of Mayhem’s Continuous Testing
Because Mayhem is self-learning and dynamic, the number of test cases is infinite. By enabling Mayhem’s continuous testing, you ensure that all available testing resources are active, constantly generating new test cases and finding new defects in your applications and APIs.
This improves your overall coverage and delivers even stronger protection for your applications. The average Mayhem user sees a 3x increase in defects found after enabling continuous testing. This gives you extra assurance that once your branches are merged, Mayhem will continuously expand coverage and verify how newly introduced code interacts with existing code at runtime.
By leveraging this extra capacity against your main branch, you’re able to build in a second layer of application security—providing continuous, automated testing for production reliability and security. It’s the “shift right” of Mayhem’s DevSecOps approach.