The DefectDojo team aims to release at least once a month, on the last Tuesday. Bugfix or security releases can come at any time.
In doubt, GitHub Actions are the source of truth. The releases are semi-automated right now, with a DefectDojo maintainer proceeding with each major step in the release. The steps for a regular release are:
- Create the release branch from
devand prepare a PR againstmaster(Details) --> A maintainer verifies and manually merges the PR - Tag, issue draft release and docker build+push (Details) --> A maintainer massages the release-drafter notes and publishes the release
- A PR to merge
masterback todevis created to re-align the branches (details)
PRs that relate to security issues are done through Security advisories which provide a way to work privately on code without prematurely disclosing vulnerabilities.
Diagrams created with plantUML. Find a web-based editor for PlantUML at https://www.planttext.com.