DefectDojo is a security orchestration and vulnerability management platform. DefectDojo allows you to manage your application security program, maintain product and application information, triage vulnerabilities and push findings to systems like JIRA and Slack. DefectDojo enriches and refines vulnerability data using a number of heuristic algorithms that improve with the more you use the platform.
Try out the demo sever at demo.defectdojo.org
Log in with admin / 1Defectdojo@demo#appsec. Please note that the demo is publicly accessable and regularly reset. Do not put sensitive data in the demo.
git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo
# building
docker-compose build
# running
docker-compose up
# obtain admin credentials. the initializer can take up to 3 minutes to run
# use docker-compose logs -f initializer to track progress
docker-compose logs initializer | grep "Admin password:"Navigate to http://localhost:8080.
- Docker / Docker Compose
- AWS AMI - Supports the Project
- godojo
Join the slack community and discussion! Realtime discussion is done in the OWASP Slack Channel, #defectdojo. Follow DefectDojo on Twitter, Linkedin, and YouTube for project updates!
See our Contributing guidelines
Commercial support and training is availaible through 10Security.
10Security was founded by the creators of DefectDojo. For information please email info@10security.com or visit our site.
DefectDojo is maintained by:
- Greg Anderson (@devGregA | linkedin)
- Aaron Weaver (@aaronweaver| linkedin | @weavera)
- Matt Tesauro (@mtesauro | linkedin | @matt_tesauro)
Core Moderators can help you with pull requests or feedback on dev ideas:
- Valentijn Scholten (@valentijnscholten | sponsor | linkedin)
- Cody Maffucci (@Maffooch | linkedin)
Moderators can help you with pull requests or feedback on dev ideas:
- Damien Carol (@damnielcarol | linkedin)
- Stefan Fleckenstein (@StefanFl | (linkedin)
- Jannik Jürgens (@alles-klar)
- Fred Blaise (@madchap | linkedin) - Fred served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized, and architected important policies and procedures.
- Charles Neill (@ccneill) – Charles served as a DefectDojo Maintainer for years and wrote some of Dojo's core functionality.
- Jay Paz (@jjpaz) – Jay was a DefectDojo maintainer for years. He performed Dojo's first UI overhaul, optimized code structure/features, and added numerous enhancements.
Please report Security issues via our disclosure policy.
DefectDojo is licensed under the BSD Simplified license