Branching model

Regular releases

The DefectDojo team aims to maintain the following cadence:

  • Minor releases: at least once a month on the first Monday of the month.
  • Patch/Bugfix: releases every week on Monday.
  • Security releases: will be performed outside of our regular cadence depending on severity.

GitHub Actions are the source of truth. The releases are semi-automated. The steps for a regular release are:

  1. Create the release branch from dev or bugfix and prepare a PR against master (details) –> A maintainer verifies and manually merges the PR
  2. Tag, issue draft release and docker build+push (details) –> A maintainer massages the release-drafter notes and publishes the release
  3. A PR to merge master back to dev and bugfix is created to re-align the branches (details)

Security releases

PRs that relate to security issues are done through security advisories which provide a way to work privately on code without prematurely disclosing vulnerabilities.

Release and hotfix model

Schemas

Diagrams created with plantUML. Find a web-based editor for PlantUML at https://www.planttext.com.

Documentation

A dev version of the documentation built from the dev branch is available at DefectDojo Documentation - dev branch.