The DefectDojo team aims to release at least once a month, on the first Tuesday. Bugfix or security releases can come at any time.
In doubt, GitHub Actions are the source of truth. The releases are semi-automated right now, with a DefectDojo maintainer proceeding with each major step in the release. The steps for a regular release are:
dev
and prepare a PR against master
(details)
–> A maintainer verifies and manually merges the PRmaster
back to dev
is created to re-align the branches (details)PRs that relate to security issues are done through security advisories which provide a way to work privately on code without prematurely disclosing vulnerabilities.
Diagrams created with plantUML. Find a web-based editor for PlantUML at https://www.planttext.com.
A dev
version of the documentation built from the dev
branch is available at DefectDojo Documentation - dev branch.