DefectDojo

DefectDojo is a security program and
vulnerability management tool.
DefectDojo allows you to manage your application security program, maintain
product and application information, triage vulnerabilities and
push findings into defect trackers.
Consolidate your findings into one source of truth with DefectDojo.

Quick Start

git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo
# building
docker-compose build
# running
docker-compose up
# obtain admin credentials. the initializer can take up to 3 minutes to run
# use docker-compose logs -f initializer to track progress
docker-compose logs initializer | grep "Admin password:"

Navigate to http://localhost:8080.

Alternatively, try out the demo sever at demo.defectdojo.org

Documentation

For detailed documentation you can visit
Github Pages.

Supported Installation Options

** Now EOL'ed **

Setup.bash

Getting Started

We recommend checking out the
Core Data Classes document to
learn the terminology of DefectDojo and the
getting started guide
for setting up a new installation.
We've also created some example
workflows that
should give you an idea of how to use DefectDojo for your own team.

REST APIs

Defectdojo can be accessed through a Swagger REST API. Please see the API documentation or the in-app Swagger documentation.

Client APIs and wrappers

This section presents different ways to programmatically interact with DefectDojo APIs.

See Wrappers

Release and branch model

We release every month on the last Tuesday. These release are minor releases, i.e. 2.0.0 to 2.1.0. In between there might be bugfix/hotfix/patch releases when needed, i.e. 2.0.1.

See Release and branch model

Roadmap

A magical, illusionary, non-existent, YMMV, wannabe, no guarantees list of thing we may or may not be working on:

New permission model (underway)
Push groups of findings to a single JIRA ticket (experimental now in!)
Reimport matching improvements

Wishlist

To manage expectations, we call this the wishlist. These are items we want to do, are discussing or pondering our minds:

New modern UI / SPA
New dashboarding / statistics
New search engine
Adopt a plugin framework to allow plugins for issue trackers, parsers, reports, etc
More flexible model

Support, Bug Reports and Getting Involved

Please come to our Slack channel first, where we can try to help you or point you in the right direction:

Realtime discussion is done in the OWASP Slack Channel, #defectdojo.
Get Access.

DefectDojo Twitter Account tweets project
updates and changes.

Available Plugins

Engagement Surveys
– A plugin that adds answerable surveys to engagements.

LDAP Integration

SAML Integration

Multi-Factor Auth

About Us

DefectDojo is maintained by:

Project Moderators

Project Moderators can help you with pull requests or feedback on dev ideas.

Alex Dracea
Valentijn Scholten (@valentijnscholten) (github | sponsor | linkedin)
Jannik Jürgens
Fred Blaise
Saurabh kumar
Cody Maffucci
Pascal Trovatelli / Sopra Steria
Damien Carol
Stefan Fleckenstein

Hall of Fame

Charles Neill (@ccneill) – Charles served as a
DefectDojo Maintainer for years and wrote some of Dojo's core functionality.
Jay Paz (@jjpaz) – Jay was a DefectDojo
maintainer for years. He performed Dojo's first UI overhaul, optimized code structure/features, and added numerous enhancements.