DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Clone or download
Latest commit f4dd2aa Oct 4, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Update stale.yml Sep 10, 2018
components add SimpleMDE Editor to yarn install May 13, 2018
docker Convert dojo.settings to dojo.settings.settings Jul 19, 2018
dojo Update Sep 25, 2018
entrypoint_scripts Merge pull request #617 from aaronweaver/dev Jun 11, 2018
tests Revert "Revert "Add API v2 using Django Rest Framework"" May 8, 2018
.flake8 flake8 fix 9 Jun 27, 2018
.gitignore Ensure *.db files do not appear in VCS anymore May 11, 2018
.travis.yml Travis smoke test disabled Jun 11, 2018 Adapted contribution guide and gitignore Feb 26, 2018 Update Sep 21, 2018
Dockerfile Allow setting db envs from docker build as args Apr 10, 2018 Update Sep 21, 2018 Update Mar 21, 2017 Flake8 changes May 14, 2018 Update Oct 4, 2018 Update Sep 24, 2018 Create Jul 8, 2018
Vagrantfile Renaming and rebranding to DefectDojo. This commit updates every refe… Mar 24, 2015
app.json Adding addtional API methods. Feb 2, 2018 Corrected references to former settings file Feb 27, 2018
requirements.txt Update requirements.txt Sep 25, 2018
setup.bash Consolidated common variables and functions; Made the entire script m… Mar 23, 2018 Update Sep 24, 2018
upgrade.bash Updated notifications, reworked findings, product and engagement views May 18, 2018 error edit Mar 8, 2018
wsgi_params Fixes #312 and #139 Jul 9, 2017

DefectDojo OWASP Flagship GitHub release YouTube Subscribe Twitter Follow

Documentation Status CII Best Practices

Screenshot of DefectDojo

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.


Try out DefectDojo in our testing environment.

  • admin / defectdojo@demo#appsec
  • product_manager / defectdojo@demo#product

Quick Start

$ git clone
$ cd django-DefectDojo
$ ./setup.bash
$ ./run_dojo.bash

navigate to


For detailed documentation you can visit Read the Docs.

Installation Options

Debian, Ubuntu (16.04.2+) or RHEL-based Install Script



Getting Started

We recommend checking out the about document to learn the terminology of DefectDojo and the getting started guide for setting up a new installation. We've also created some example workflows that should give you an idea of how to use DefectDojo for your own team.

DefectDojo Client API's

  • DefectDojo Python API: pip install defectdojo_api or clone the repository.

  • Browse the API on SwaggerHub. Swagger Status

Getting Involved


Realtime discussion is done in the OWASP Slack Channel, #defectdojo. Get Access.


DefectDojo Twitter Account tweets project updates and changes.

Available Plugins

Engagement Surveys - A plugin that adds answerable surveys to engagements.

LDAP Integration

SAML Integration

Multi-Factor Auth

About Us

DefectDojo is maintained by:


We greatly appreciate all of our contributors.

We would also like to highlight the contributions from Michael Dong and Fatimah Zohra who contributed to DefectDojo before it was open source.

Swag Rewards

If you fix an issue with the swag reward tag, we'll send you a shirt and some stickers!

Dojo tshirt front Dojo tshirt back


Proceeds are used for testing, infrastructure, etc.




Interested in becoming a sponsor and having your logo displayed? Please review our sponsorship information or email


DefectDojo is licensed under the BSD Simplified license