chore(release): prepare v0.11.1

.env.example

@@ -34,9 +34,9 @@ TRAEFIK_LOG_LEVEL=INFO
 IMAGE_REGISTRY=ghcr.io/trustedoss
 # IMAGE_TAG pins the container tags pulled by the production compose stack.
 # Bump this on every release; never use :latest. The release workflow
-# publishes both an immutable X.Y.Z tag and a movable X.Y tag. 0.11.0 is the
-# first release published under the trusca-* image names.
-IMAGE_TAG=0.11.0
+# publishes both an immutable X.Y.Z tag and a movable X.Y tag. The trusca-*
+# image names start at 0.11.0; 0.11.1 is a UI / branding patch.
+IMAGE_TAG=0.11.1
 
 # ---------- Evaluation (lightweight 2 vCPU / 4 GB profile) ----------
 # Used by the eval overlay + scripts/eval-up.sh:

CHANGELOG.md

@@ -5,6 +5,34 @@ All notable changes to TrustedOSS Portal are documented in this file.
 The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and the project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.11.1] — 2026-06-13
+
+A UI / branding patch release. No backend or API changes — only the frontend
+image, docs, and Helm chart metadata change versus `0.11.0`.
+
+### Changed
+- **Theme reverted to the W11 light theme.** The W13 "Google AI Studio"
+  re-skin shipped in `0.11.0` (white canvas, blue primary, pill buttons) is
+  rolled back to the W11 Vercel + Linear look (off-white canvas, warm
+  near-black primary, square corners, blue Low badge). The TRUSCA brand and
+  rename are unaffected.
+- **New logo.** The mark is now a dark-slate tile (`#0f172a`) with a teal
+  check accent (`#2dd4bf`) and an ink "TRUSCA" wordmark; the full lockup adds
+  the tagline "TrustedOSS SCA" on the login gateway. Replaces the earlier
+  flat-black and teal-gradient marks.
+- **Complete favicon set.** Added `favicon.ico` (16 / 32 / 48) and an
+  `apple-touch-icon.png` (iOS home screen) alongside the existing SVG, wired
+  into `index.html` with a `theme-color`. Previously SVG-only.
+
+### Fixed
+- **Helm chart icon URL.** `Chart.yaml`'s `icon:` pointed at a non-existent
+  path (`docs/static/.../logo.png`); it now resolves to
+  `docs-site/static/img/logo.png` (a new 256×256 raster of the mark).
+
+### Docs
+- Regenerated the docs Open Graph social card with the new logo; added a
+  README header logo; refreshed the design-system and brand reference pages.
+
 ## [0.11.0] — 2026-06-12
 
 The first post-GA feature release. Headlines: the product is **renamed to

README.md

@@ -7,7 +7,7 @@
 <p align="center"><em>TrustedOSS SCA — open-source software composition analysis</em></p>
 
 [![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)
-[![Release](https://img.shields.io/badge/release-v0.10.0-2563eb.svg)](CHANGELOG.md)
+[![Release](https://img.shields.io/badge/release-v0.11.1-0f766e.svg)](CHANGELOG.md)
 [![Docs](https://img.shields.io/badge/docs-trustedoss.github.io-0f172a.svg)](https://trustedoss.github.io/trusca/)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/13060/badge)](https://www.bestpractices.dev/projects/13060)
 

charts/trustedoss/Chart.yaml

@@ -12,12 +12,12 @@ type: application
 
 # Chart version is the packaging version (SemVer); bump on every chart change.
 # Kept aligned with the application version while the two release in lock-step.
-version: 0.11.0
+version: 0.11.1
 
 # appVersion tracks the released container image tag (image.tag default).
 # Keep in lock-step with .env.example IMAGE_TAG / docker-compose IMAGE_TAG and
 # the .github/workflows/release.yml image tags.
-appVersion: "0.11.0"
+appVersion: "0.11.1"
 
 keywords:
   - sca

charts/trustedoss/values.yaml

@@ -30,7 +30,7 @@ image:
   # Frontend image (React SPA on nginx, listens on :8080).
   frontendRepository: ghcr.io/trustedoss/trusca-frontend
   # Tag applied to ALL three images. Kept in lock-step with Chart.yaml appVersion.
-  tag: "0.11.0"
+  tag: "0.11.1"
   pullPolicy: IfNotPresent
 # -- Image pull secrets for private registries (list of {name: ...}).
 imagePullSecrets: []

docker-compose.yml

@@ -266,7 +266,7 @@ services:
   # API — FastAPI + uvicorn, fronted by Traefik on /api and /health.
   # ---------------------------------------------------------------------------
   backend:
-    image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-backend:${IMAGE_TAG:-0.11.0}
+    image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-backend:${IMAGE_TAG:-0.11.1}
     restart: unless-stopped
     environment:
       <<: *backend-env
@@ -370,7 +370,7 @@ services:
   # with CELERY_CONCURRENCY; the SCANCODE_* guards cap per-task blowups.
   # ---------------------------------------------------------------------------
   worker:
-    image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-backend-worker:${IMAGE_TAG:-0.11.0}
+    image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-backend-worker:${IMAGE_TAG:-0.11.1}
     restart: unless-stopped
     command: celery -A tasks.celery_app worker --loglevel=info --concurrency=${CELERY_CONCURRENCY:-2}
     environment:
@@ -446,7 +446,7 @@ services:
   # workspace orphan cleaner, source-archive retention).
   # ---------------------------------------------------------------------------
   beat:
-    image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-backend-worker:${IMAGE_TAG:-0.11.0}
+    image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-backend-worker:${IMAGE_TAG:-0.11.1}
     restart: unless-stopped
     command: celery -A tasks.celery_app beat --loglevel=info --schedule=/tmp/celerybeat-schedule
     environment:
@@ -487,7 +487,7 @@ services:
   # SPA — Vite bundle served by nginx, fronted by Traefik on `/`.
   # ---------------------------------------------------------------------------
   frontend:
-    image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-frontend:${IMAGE_TAG:-0.11.0}
+    image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-frontend:${IMAGE_TAG:-0.11.1}
     restart: unless-stopped
     networks:
       - trustedoss

docs-site/docs/release-notes/v0.10.0.md

@@ -3,7 +3,7 @@ id: v0-10-0
 title: v0.10.0 — First public release
 description: Highlights of the first public release of TrustedOSS Portal — Trivy single-engine scanning, EPSS prioritization, VEX, EN/KO docs, Helm chart, and the modern enterprise UI.
 sidebar_label: v0.10.0
-sidebar_position: 1
+sidebar_position: 3
 ---
 
 # v0.10.0 — First public release

docs-site/docs/release-notes/v0.11.0.md

@@ -0,0 +1,46 @@
+---
+id: v0-11-0
+title: v0.11.0 — TRUSCA (renamed) + read-only demo
+description: The product is renamed to TRUSCA, a public read-only demo SaaS becomes deployable to a single Hetzner server, plus a UI craft pass and a hardening sweep.
+sidebar_label: v0.11.0
+sidebar_position: 2
+---
+
+# v0.11.0 — TRUSCA (renamed) + read-only demo
+
+The first post-GA feature release. The full machine-readable changelog lives
+in [`CHANGELOG.md`](https://github.com/trustedoss/trusca/blob/main/CHANGELOG.md);
+this page is the human-readable summary.
+
+## Highlights
+
+### Renamed — TrustedOSS Portal is now TRUSCA
+
+The product is now **TRUSCA** — the SCA tool of the TrustedOSS initiative. The
+GitHub repository, container images, and documentation path moved to the new
+name:
+
+- Images: `ghcr.io/trustedoss/trusca-backend`, `trusca-backend-worker`,
+  `trusca-frontend` (the `trusca-` prefix starts at this release).
+- Docs: `https://trustedoss.github.io/trusca/`.
+- Internal identifiers (DB roles, Celery task names, server paths) intentionally
+  keep their previous names — no migration is required to upgrade.
+
+### Public read-only demo
+
+A self-contained, read-only demo can be deployed to a single Hetzner server,
+with seeded projects, scans, and findings so evaluators can explore the UI
+without writing data. Read-only mode is surfaced in the UI and enforced server
+side.
+
+### UI craft pass + hardening
+
+A typography / motion / empty-state polish pass (W11–W12) and a hardening sweep
+from an external verification campaign landed in this release.
+
+## Upgrade notes
+
+- Container images are published under the new `trusca-*` names. The production
+  `docker-compose.yml` and Helm chart already reference them; pin `IMAGE_TAG`
+  to the release you are running.
+- Releases `<= 0.10.0` remain under the old image names and are unaffected.

docs-site/docs/release-notes/v0.11.1.md

@@ -0,0 +1,40 @@
+---
+id: v0-11-1
+title: v0.11.1 — Theme rollback + new logo
+description: A UI / branding patch — the W13 theme is rolled back to the W11 light theme, a new dark-slate logo and complete favicon set land, and the Helm chart icon is fixed.
+sidebar_label: v0.11.1
+sidebar_position: 1
+---
+
+# v0.11.1 — Theme rollback + new logo
+
+A **UI / branding patch release**. There are no backend or API changes — only
+the frontend image, documentation, and Helm chart metadata change versus
+`0.11.0`. The full machine-readable changelog lives in
+[`CHANGELOG.md`](https://github.com/trustedoss/trusca/blob/main/CHANGELOG.md).
+
+## Highlights
+
+### Theme rolled back to the W11 light theme
+
+The W13 "Google AI Studio" re-skin from `0.11.0` (white canvas, blue primary,
+pill buttons) is rolled back to the **W11 Vercel + Linear** look — off-white
+canvas, warm near-black primary, square corners, blue Low badge. The TRUSCA
+brand and rename are unaffected.
+
+### New logo + complete favicon set
+
+The mark is now a **dark-slate tile with a teal check accent** and an ink
+"TRUSCA" wordmark; the full lockup adds the **"TrustedOSS SCA"** tagline on the
+login gateway. A complete favicon set ships alongside the SVG: `favicon.ico`
+(16 / 32 / 48) and an `apple-touch-icon.png` for the iOS home screen.
+
+### Fixes
+
+- The Helm chart `icon:` URL pointed at a non-existent path; it now resolves
+  to the published mark raster.
+
+## Upgrade notes
+
+UI-only change. Pull the `0.11.1` images (or `helm upgrade` to chart
+`0.11.1`); no migration or configuration changes are required.

docs-site/sidebars.ts

@@ -98,7 +98,11 @@ const sidebars: SidebarsConfig = {
       type: "category",
       label: "Release notes",
       collapsed: true,
-      items: ["release-notes/v0-10-0"],
+      items: [
+        "release-notes/v0-11-1",
+        "release-notes/v0-11-0",
+        "release-notes/v0-10-0",
+      ],
     },
   ],
 };