DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.
Try out DefectDojo in our testing environment with the following credentials.
git clone https://github.com/DefectDojo/django-DefectDojo cd django-DefectDojo # building docker-compose build # running docker-compose up
Navigate to http://localhost:8080.
For detailed documentation you can visit Read the Docs.
We recommend checking out the about document to learn the terminology of DefectDojo and the getting started guide for setting up a new installation. We've also created some example workflows that should give you an idea of how to use DefectDojo for your own team.
pip install defectdojo_apior clone the repository.
Realtime discussion is done in the OWASP Slack Channel, #defectdojo. Get Access.
More info: Contributing guideline
DefectDojo Twitter Account tweets project updates and changes.
Engagement Surveys – A plugin that adds answerable surveys to engagements.
DefectDojo is maintained by:
Project Moderators can help you with pull requests or feedback on dev ideas.
We greatly appreciate all of our contributors.
We would also like to highlight the contributions from Michael Dong and Fatimah Zohra who contributed to DefectDojo before it was open source.
If you fix an issue with the
swag reward tag, we'll send you a shirt and some
Proceeds are used for testing, infrastructure, etc.
DefectDojo is licensed under the BSD Simplified license