DefectDojo

DefectDojo is a security orchestration and vulnerability management platform. DefectDojo allows you to manage your application security program, maintain product and application information, triage vulnerabilities and push findings to systems like JIRA and Slack. DefectDojo enriches and refines vulnerability data using a number of heuristic algorithms that improve with the more you use the platform.

Demo

Try out the demo server at demo.defectdojo.org

Log in with admin / 1Defectdojo@demo#appsec. Please note that the demo is publicly accessible and regularly reset. Do not put sensitive data in the demo.

Quick Start for Compose V2

From July 2023 Compose V1 stopped receiving updates.

Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose.

git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo
# building
./dc-build.sh
# running (for other profiles besides postgres-redis look at https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md)
./dc-up.sh postgres-redis
# obtain admin credentials. the initializer can take up to 3 minutes to run
# use docker-compose logs -f initializer to track progress
docker compose logs initializer | grep "Admin password:"

For Docker Compose V1

You can run Compose V1 by editing the below files to add the hyphen (-) between docker compose.

     dc-build.sh
     dc-down.sh
     dc-stop.sh
     dc-unittest.sh
     dc-up-d.sh
     dc-up.sh
     docker/docker-compose-check.sh
     docker/entrypoint-initializer.sh
     docker/setEnv.sh

Navigate to http://localhost:8080.

Documentation

• Official Docs (latest | dev)
• REST APIs
• Client APIs and Wrappers
• Authentication Options
• Parsers

Supported Installation Options

• Docker / Docker Compose
• SaaS - Includes Support & Supports the Project
• AWS AMI - Supports the Project

Community, Getting Involved, and Updates

Join the slack community and discussion! Realtime discussion is done in the OWASP Slack Channel, #defectdojo. Follow DefectDojo on Twitter, Linkedin, and YouTube for project updates!

Contributing

⚠️ Please note that DefectDojo will soon stop accepting new features to stabilize the API and data model for a forthcoming v3 release. See the contributing guidelines below for more details. ⚠️

See our Contributing guidelines

Commercial Support and Training

Commercial support and training is availaible. For information please email info@defectdojo.com.

About Us

DefectDojo is maintained by:

• Greg Anderson (@devGregA | linkedin)
• Matt Tesauro (@mtesauro | linkedin | @matt_tesauro)

Core Moderators can help you with pull requests or feedback on dev ideas:

• Cody Maffucci (@Maffooch | linkedin)

Moderators can help you with pull requests or feedback on dev ideas:

• Damien Carol (@damnielcarol | linkedin)
• Jannik Jürgens (@alles-klar)
• Dubravko Sever (@dsever)

Hall of Fame

• Valentijn Scholten (@valentijnscholten | sponsor | linkedin) - Valentijn served as a core moderator for 3 years. Valentijn’s contributions were numerous and extensive. He overhauled, improved, and optimized many parts of the codebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand wherever it was needed.
• Fred Blaise (@madchap | linkedin) - Fred served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized, and architected important policies and procedures.
• Charles Neill (@ccneill) – Charles served as a DefectDojo Maintainer for years and wrote some of Dojo's core functionality.
• Jay Paz (@jjpaz) – Jay was a DefectDojo maintainer for years. He performed Dojo's first UI overhaul, optimized code structure/features, and added numerous enhancements.

Security

Please report Security issues via our disclosure policy.

License

DefectDojo is licensed under the BSD-3-Clause License