Releases¶
[!NOTE] Required role:
developer,compliance_manager,manageroraccount_admin
A release is a published, frozen version of an approved module. Once released, the SBOM is locked and TrustSource begins continuous monitoring for new vulnerabilities — even after your development team has moved on.
Release lifecycle¶
- A module goes through the approval workflow.
- The compliance manager approves — the snapshot is frozen.
- The approved module appears in the releases list as a releasable version.
- The release can be linked to a product as a solution.
The releases list¶
Navigate to Internal → Releases to see all releases.
| Column | What it shows |
|---|---|
| Approved | Date the approval was finalized. |
| Name | Release name. |
| Version | Release version. |
| Project / Module | Source project and module. |
| Contact | The person who closed the approval. |
| Link | Link action to associate with a product. |
📸 Screenshot: the releases list with approval dates and version numbers.
Post-release monitoring¶
Released modules are continuously monitored for:
- New vulnerabilities — CVEs published after the release date.
- Component status changes — licence or viability changes.
- Export control updates — changes to restricted classifications.
See Post-Release Vulnerability Tracking for details.
Related¶
- Approvals — the workflow that creates releases
- Products → Link with Release — connecting releases to products