Now with SLSA Level 3 Support

Enterprise-Grade Release Orchestration & Supply Chain Security

Standardize, secure, and orchestrate software releases with immutable manifests. Decouple release logic from CI/CD pipelines.

$ brew install releaseflow/tap/rflow

What is ReleaseFlow?

ReleaseFlow (rflow) is a manifest-driven release orchestration tool that decouples release logic from CI/CD pipelines. Every release is codified in an immutable manifest — your single source of truth.

1. Bootstrap: Generate immutable manifest, bump version
2. Build: Standard Docker/artifact build process
3. Secure: SBOM generation, scanning, signing
4. Promote: Validate gates, promote to environments

Standardized Releases

Same workflow across any environment, team, or artifact type.

Complete Provenance

Full audit trail and security posture for every artifact.

Universal Artifacts

Not just containers — Terraform, Ansible, Python, and more.

Everything You Need for Secure Releases

Built for modern DevOps teams who need enterprise-grade security without sacrificing developer productivity.

Supply Chain Security

Native integration with Cosign, Syft, and Trivy. Automatic SBOM generation, vulnerability scanning with policy gates, and cryptographic signatures.

SBOM Generation, Vulnerability Scanning, Cryptographic Signing

Universal Artifact Support

Not just for Docker containers. Release Terraform modules, Ansible collections, Python scripts, and more with the same workflow.

Docker Images, Terraform Modules, Ansible Collections

Immutable Manifests

Every release codified in YAML format. Complete audit trail for any version. Portable across pipelines and clusters.

YAML Format, Full Audit Trail, Version History

CI/CD Integration

Works as the "brain" of your pipeline. Decouples release logic from CI/CD tools. Compatible with GitHub Actions, Azure DevOps, GitLab.

GitHub Actions, Azure DevOps, GitLab CI

Developer Experience

Simple CLI interface with interactive initialization wizard. Fast, parallel execution for maximum efficiency.

Interactive Wizard, Parallel Execution, Rich Output

Policy as Code

Define security gates in configuration. Automatic enforcement of policies. Prevent non-compliant artifacts from reaching production.

Security Gates, Auto Enforcement, Compliance Checks

Dynamic Red-Teaming

Autonomously sandbox and red-team your release artifacts using PyRIT to identify novel evasion techniques before deployment.

PyRIT Integration, Autonomous Sandboxing, Evasion Detection

AI-BOM & Provenance

Track AI-generated code provenance. Record prompt templates, foundation model IDs, and local training data hashes in your manifest.

AI Artifact Tracking, Model Provenance, Training Hashes

Agent Guardrails

Define strict operational boundaries and anomaly score thresholds for AI agents executing within your secure AppSec pipeline.

Runtime Boundaries, Anomaly Detection, Tool Enforcement

How ReleaseFlow Works

A simple, powerful workflow that integrates into your existing pipelines.

Step 1

Bootstrap

Creates your release manifest and bumps the version automatically based on SemVer.

$ rflow manifest generate
  • Reads configuration from .rflow.yaml
  • Auto-increments version (major/minor/patch)
  • Generates release-manifest.yaml
  • Integrates with Git tags

Get Started in Seconds

Install ReleaseFlow with a single command and start securing your releases.

Homebrew

macOS / Linux

$ brew install releaseflow/tap/rflow

Shell Script

Linux / macOS

$ curl -sSL https://get.releaseflow.io | sh

Ready to go?

Initialize your first project with the interactive wizard.

$ rflow init
