Dependabot configuration for alerts


Question about dependabot. Does it only scan the main/master branch or it scans all the branches available in the repos? Is there any configuration to force it to do scan a specific branch?

On top of that, does it only scan the pom.xml or can it scan any other file, as if for example i am using myprojecpom.xml instead of pom.xml?