DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.
Demo
Try out DefectDojo in the testing environment with the following credentials.

  • admin / defectdojo@demo#appsec
  • product_manager / defectdojo@demo#product

Quick Start

git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo
docker-compose up

Navigate to http://localhost:8080.

Documentation
For detailed documentation you can visit Read the Docs.

Installation Options

Getting Started
We recommend checking out the about document to learn the terminology of DefectDojo and the getting started guide for setting up a new installation. We’ve also created some example workflows that should give you an idea of how to use DefectDojo for your own team.

Client APIs

  • Install the DefectDojo Python API via pip install defectdojo_api or clone the repository.
  • Browse the API on SwaggerHub.

Getting Involved

Realtime discussion is done in the OWASP Slack Channel, #defectdojo. Get Access.
DefectDojo Twitter Account tweets project updates and changes.

Available Plugins
Engagement Surveys – A plugin that adds answerable surveys to engagements.
LDAP Integration
SAML Integration
Multi-Factor Auth

About Us
DefectDojo is maintained by:

Hall of Fame

  • Charles Neill (@ccneill) – Charles served as a DefectDojo Maintainer for years and wrote some of Dojo’s core functionality.
  • Jay Paz (@jjpaz) – Jay was a DefectDojo maintainer for years. He performed Dojo’s first UI overhaul, optomized code structure/features, and added numerous enhancements.