Skip to content
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
HTML Python Shell CSS JavaScript XSLT Smarty
Branch: master
Clone or download
Latest commit 06d5fb3 Sep 6, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Templates updates for Python3 and Scanner Jun 10, 2019
components Harcoding fullcalendar pkg version. Fixes #1011 Jun 26, 2019
docker Clean up fixtures and disable report builder Jul 1, 2019
dojo Merge pull request #1508 from Maffooch/dedupe Aug 20, 2019
entrypoint_scripts Stable python3 build Jun 6, 2019
helm/defectdojo Merge pull request #1199 from Miradorn/patch-1 Jun 5, 2019
nginx Entrypoint fix for docker (#1041) Apr 12, 2019
setup Fixed a bug in setup.bash Jun 25, 2019
tests Merge pull request #1491 from Maffooch/dev Aug 14, 2019
travis travis/docker: tune curl options Aug 12, 2019
.dockerignore Docker & Updates (#764) Oct 5, 2018
.flake8 Merge branch 'master' into master Jun 6, 2019
.gitignore add docker-compose symlink to ignore list Aug 11, 2019
.travis.yml Revert "update minikube version" Aug 1, 2019 Change python from 3.7 to 3.5 for compatibility reasons. Update docum… Jul 30, 2019 update instructions about admin password Aug 1, 2019 Merge branch 'dev' into master Oct 15, 2018
Dockerfile.busybox minor: remove unused 'as build' Jul 30, 2019
Dockerfile.django Merge pull request #1429 from ptrovatelli/fix-unit-test-docker-env Jul 31, 2019
Dockerfile.nginx Declare exposed port in nginx docker configuration Aug 5, 2019 Linting Mar 20, 2019 Linting Mar 20, 2019 Create Aug 31, 2018 Change python from 3.7 to 3.5 for compatibility reasons. Update docum… Jul 30, 2019 Change python from 3.7 to 3.5 for compatibility reasons. Update docum… Jul 30, 2019 Linting Mar 20, 2019 Create Jul 8, 2018
app.json Adding addtional API methods. Feb 2, 2018 add celeryworker volume in dev mode May 22, 2019
docker-compose.override.unit_tests.yml minor: remove unused 'as build' Jul 30, 2019
docker-compose.yml Pin versions of external docker images for more stability Jul 30, 2019
legacy-setup.bash Added new setup.bash installer, moved old one to legacy-setup.bash Nov 27, 2018 Django 2.2.1 Upgrade Jun 6, 2019
package.json Harcoding fullcalendar pkg version. Fixes #1011 Jun 26, 2019
requirements.txt Bump django from 2.2.1 to 2.2.4 Aug 26, 2019
setup-docker.bash Updated compose and dockerfile. Feb 5, 2019
setup.bash Added new setup.bash installer, moved old one to legacy-setup.bash Nov 27, 2018 Bump django from 2.2.1 to 2.2.4 Aug 26, 2019
upgrade.bash Updated notifications, reworked findings, product and engagement views May 18, 2018 error edit Mar 8, 2018
wsgi_params Fixes #312 and #139 Jul 9, 2017


OWASP Flagship GitHub release YouTube Subscribe Twitter Follow

Build Status Documentation Status CII Best Practices

Screenshot of DefectDojo

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.


Try out DefectDojo in our testing environment with the following credentials.

  • admin / defectdojo@demo#appsec
  • product_manager / defectdojo@demo#product

Quick Start

git clone
cd django-DefectDojo
# building
docker-compose build
# running
docker-compose up

Navigate to http://localhost:8080.


For detailed documentation you can visit Read the Docs.

Installation Options

Getting Started

We recommend checking out the about document to learn the terminology of DefectDojo and the getting started guide for setting up a new installation. We've also created some example workflows that should give you an idea of how to use DefectDojo for your own team.

Client APIs

  • Install the DefectDojo Python API via pip install defectdojo_api or clone the repository.
  • Browse the API on SwaggerHub. Swagger Status

Getting Involved


Realtime discussion is done in the OWASP Slack Channel, #defectdojo. Get Access.


More info: Contributing guideline

DefectDojo Twitter Account tweets project updates and changes.

Available Plugins

Engagement Surveys – A plugin that adds answerable surveys to engagements.

LDAP Integration

SAML Integration

Multi-Factor Auth

About Us

DefectDojo is maintained by:

Project Moderators

Project Moderators can help you with pull requests or feedback on dev ideas.

Hall of Fame

  • Charles Neill (@ccneill) – Charles served as a DefectDojo Maintainer for years and wrote some of Dojo's core functionality.
  • Jay Paz (@jjpaz) – Jay was a DefectDojo maintainer for years. He performed Dojo's first UI overhaul, optomized code structure/features, and added numerous enhancements.


We greatly appreciate all of our contributors.

We would also like to highlight the contributions from Michael Dong and Fatimah Zohra who contributed to DefectDojo before it was open source.

Swag Rewards

If you fix an issue with the swag reward tag, we'll send you a shirt and some stickers!

Dojo tshirt front


Proceeds are used for testing, infrastructure, etc.



Xing 10Security GCSecurity Timo-Pagel SDA-SE Signal-Iduna

Interested in becoming a sponsor and having your logo displayed? Please review our sponsorship information or email


DefectDojo is licensed under the BSD Simplified license

You can’t perform that action at this time.