DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Clone or download
Latest commit f4dd2aa Oct 4, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Update stale.yml Sep 10, 2018
components add SimpleMDE Editor to yarn install May 13, 2018
docker Convert dojo.settings to dojo.settings.settings Jul 19, 2018
dojo Update settings.dist.py Sep 25, 2018
entrypoint_scripts Merge pull request #617 from aaronweaver/dev Jun 11, 2018
tests Revert "Revert "Add API v2 using Django Rest Framework"" May 8, 2018
.flake8 flake8 fix 9 Jun 27, 2018
.gitignore Ensure *.db files do not appear in VCS anymore May 11, 2018
.travis.yml Travis smoke test disabled Jun 11, 2018
CONTRIBUTING.md Adapted contribution guide and gitignore Feb 26, 2018
DefectDojoMaintainers.md Update DefectDojoMaintainers.md Sep 21, 2018
Dockerfile Allow setting db envs from docker build as args Apr 10, 2018
ISSUE_TEMPLATE.md Update ISSUE_TEMPLATE.md Sep 21, 2018
LICENSE.md Update LICENSE.md Mar 21, 2017
PULL_REQUEST_TEMPLATE.md Flake8 changes May 14, 2018
README.md Update README.md Oct 4, 2018
SECURITY.md Update SECURITY.md Sep 24, 2018
SPONSORING.md Create SPONSORING.md Jul 8, 2018
Vagrantfile Renaming and rebranding to DefectDojo. This commit updates every refe… Mar 24, 2015
app.json Adding addtional API methods. Feb 2, 2018
manage.py Corrected references to former settings file Feb 27, 2018
requirements.txt Update requirements.txt Sep 25, 2018
setup.bash Consolidated common variables and functions; Made the entire script m… Mar 23, 2018
setup.py Update setup.py Sep 24, 2018
upgrade.bash Updated notifications, reworked findings, product and engagement views May 18, 2018
wsgi.py wsgi.py error edit Mar 8, 2018
wsgi_params Fixes #312 and #139 Jul 9, 2017

README.md

DefectDojo OWASP Flagship GitHub release YouTube Subscribe Twitter Follow

Documentation Status CII Best Practices

Screenshot of DefectDojo

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.

Demo

Try out DefectDojo in our testing environment.

  • admin / defectdojo@demo#appsec
  • product_manager / defectdojo@demo#product

Quick Start

$ git clone https://github.com/DefectDojo/django-DefectDojo
$ cd django-DefectDojo
$ ./setup.bash
$ ./run_dojo.bash

navigate to 127.0.0.1:8000

Documentation

For detailed documentation you can visit Read the Docs.

Installation Options

Debian, Ubuntu (16.04.2+) or RHEL-based Install Script

Docker

Ansible

Getting Started

We recommend checking out the about document to learn the terminology of DefectDojo and the getting started guide for setting up a new installation. We've also created some example workflows that should give you an idea of how to use DefectDojo for your own team.

DefectDojo Client API's

  • DefectDojo Python API: pip install defectdojo_api or clone the repository.

  • Browse the API on SwaggerHub. Swagger Status

Getting Involved

Slack

Realtime discussion is done in the OWASP Slack Channel, #defectdojo. Get Access.

Twitter

DefectDojo Twitter Account tweets project updates and changes.

Available Plugins

Engagement Surveys - A plugin that adds answerable surveys to engagements.

LDAP Integration

SAML Integration

Multi-Factor Auth

About Us

DefectDojo is maintained by:

Contributing

We greatly appreciate all of our contributors.

We would also like to highlight the contributions from Michael Dong and Fatimah Zohra who contributed to DefectDojo before it was open source.

Swag Rewards

If you fix an issue with the swag reward tag, we'll send you a shirt and some stickers!

Dojo tshirt front Dojo tshirt back

Support

Proceeds are used for testing, infrastructure, etc.

PayPal

Sponsors

Xing

Interested in becoming a sponsor and having your logo displayed? Please review our sponsorship information or email greg.anderson@owasp.org

License

DefectDojo is licensed under the BSD Simplified license