Managing Releases
Create and manage release versions, set status, track release dates and end-of-life.
Releases represent specific versions of your software product. Each release follows an independent vulnerability disclosure workflow.
Creating a release
- Open a product page
- Click New Release
- Fill in the details:
- Version (required): The version identifier (e.g., "2.1.0", "v3.0-beta")
- Name: An optional human-friendly name (e.g., "February Security Patch")
- Release Date: When this version was or will be released
- End of Life Date: When this version will no longer receive updates
- Notes: Internal notes about the release
- Status: Active (default) or Deprecated
- Click Create Release
Release status
- Active: The release is current and actively maintained
- Deprecated: The release is no longer recommended for use
Release detail page
Each release has several tabs:
- Overview: Release metadata, compliance report link
- SBOM: Upload and view the Software Bill of Materials
- Triage: Review and classify discovered vulnerabilities
- VEX: Generate, review, and publish VEX documents
Editing a release
- Open the release page
- Click Edit
- Update any fields and click Save
Editing is disabled when the release is locked (during VEX approval or after publication).
Deleting a release
- From the product page, open the actions menu on a release row
- Select Delete and confirm
Deleting a release removes its SBOM, all vulnerabilities, dispositions, and VEX documents.
Vulnerability and disposition summary
The releases table on the product page shows two summary columns:
- Vulnerabilities: Total number of CVEs found for the release
- Dispositions: A color-coded breakdown showing how many are affected (red), fixed (green), not affected (blue), investigating (yellow), or not triaged (gray)
These summaries help you quickly identify which releases need attention.