Skip to main content

AdversaryGraph v6 Release Readiness

AdversaryGraph v6.0.0 is production-oriented for a controlled self-hosted deployment that passes the operator acceptance gates. It is not a managed SaaS, a tenant-isolation boundary, or safe for direct internet exposure with default settings.

Automated Gate

From the repository root:

./scripts/release-readiness.sh --full

The gate checks release metadata, patch hygiene, default and production Compose rendering, frontend lint/build/browser tests, backend lint/tests, and the available SAST, dependency, secret, and container checks. Optional local tools are reported as skipped and remain mandatory where configured in CI.

Deployment Go/No-Go

A production deployment is a go only when it has:

  • TLS through a trusted reverse proxy;
  • named authenticated users, appropriate RBAC, and no bootstrap credentials;
  • private PostgreSQL, Redis, worker, malware-analysis, and attack-lab networks;
  • externally managed strong secrets;
  • approved upload, retention, deletion, and export rules;
  • a verified pre-upgrade backup and tested restore procedure;
  • health, logs, traces, metrics, storage, and job monitoring;
  • a previous version and database restore path ready for rollback.

Required Boundaries

  • Treat AI mappings, generated detections, actor similarity, and network fingerprints as reviewable signals.
  • Separate real lab telemetry from synthetic source-shaped telemetry.
  • Run Attack Simulation only against approved lab fixtures.
  • Keep dynamic malware execution disabled without an approved isolated runtime.
  • Do not upload private or customer data to the public workspace.

For the complete checklist, release evidence, and rollback commands, see the v6 readiness source in GitHub.