DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.
$ git clone https://github.com/DefectDojo/django-DefectDojo
$ cd django-DefectDojo
$ ./setup.bash
$ ./run_dojo.bash
navigate to 127.0.0.1:8000
If you'd like to check out a demo of DefectDojo before installing it, you can check out our PythonAnywhere demo site.
You can log in as an administrator like so:
You can also log in as a product owner / non-staff user:
For additional documentation you can visit our Read the Docs site.
Deploy to Docker Cloud. (Login first to Docker Cloud before clicking the install button.)
We recommend checking out the about document to learn the terminology of DefectDojo, and the getting started guide for setting up a new installation. We've also created some example workflows that should give you an idea of how to use DefectDojo for your own team.
- DefectDojo Python API:
pip install defectdojo_api
or clone the repository.
Get Access. Realtime discussion is done in the OWASP Slack Channel, #defectdojo.
DefectDojo Twitter Account tweets project updates and changes.
Engagement Surveys - A plugin that adds answerable surveys to engagements.
DefectDojo is maintained by:
- Greg Anderson
- Charles Neill (@ccneill)
- Jay Paz (@jjpaz)
- Aaron Weaver (@weavera)
- Matt Tesauro (@matt_tesauro)
We greatly appreciate all of our contributors.
We would also like to highlight the contributions from Michael Dong and Fatimah Zohra who contributed to DefectDojo before it was open source.
If you fix an issue with the swag reward
tag, we'll send you a shirt and some stickers!
Proceeds are used for testing, infrastructure, etc.
Interested in becoming a sponsor and having your logo displayed? Please email greg.anderson@owasp.org
DefectDojo is licensed under the BSD Simplified license