Branching model

How to create releases

Regular releases

The DefectDojo team aims to release at least once a month, on the last Tuesday. Bugfix or security releases can come at any time.

In doubt, GitHub Actions are the source of truth. The releases are semi-automated right now, with a DefectDojo maintainer proceeding with each major step in the release. The steps for a regular release are:

  1. Create the release branch from dev and prepare a PR against master (details) –> A maintainer verifies and manually merges the PR
  2. Tag, issue draft release and docker build+push (details) –> A maintainer massages the release-drafter notes and publishes the release
  3. A PR to merge master back to dev is created to re-align the branches (details)

Security releases

PRs that relate to security issues are done through security advisories which provide a way to work privately on code without prematurely disclosing vulnerabilities.

Release and hotfix model

Schemas

Diagrams created with plantUML. Find a web-based editor for PlantUML at https://www.planttext.com.

Last modified May 7, 2021: Documentation Update (#4468) (5488c932)