What is DefectDojo?
DefectDojo is a security tool that automates application security vulnerability management. DefectDojo streamlines the application security testing process by offering features such as importing third party security findings, merging and de-duping, integration with Jira, templating, report generation and security metrics.
What does DefectDojo do?
While traceability and metrics are the ultimate end goal, DefectDojo is a bug tracker at its core. Taking advantage of DefectDojo's Product:Engagement model, enables traceability among multiple projects and test cycles, and allows for fine-grained reporting.
How does DefectDojo work?
DefectDojo is based on a model that allows the ultimate flexibility in your test tracking needs.
- Working in DefectDojo starts with a
- Each Product Type can have one of more
- Each Product can have one or more
- Each Engagement can have one more
- Each Test can have one or more
The code is open source, and available on github.
A demo installation can be found over at PythonAnywhere.
Our documentation is organized in the following sections:
.. toctree:: :maxdepth: 2 about getting-started integrations models start-using workflows upgrading running-in-production
.. toctree:: :maxdepth: 2 :glob: features
.. toctree:: :maxdepth: 2 :glob: api-docs