|
|
|---|
DefectDojo is a DevSecOps, ASPM (application security posture management), and vulnerability management tool. DefectDojo orchestrates end-to-end security testing, vulnerability tracking, deduplication, remediation, and reporting.
Pro Edition: pro.demo.defectdojo.com
OWASP Community Edition: demo.defectdojo.org
Either demo enviornment can be logged into with username admin and password 1Defectdojo@demo#appsec. Please note that the demos are publicly accessible
and reset every day. Do not put sensitive data in the demo. An easy way to test DefectDojo is to upload some sample scan reports.
# Clone the project
git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo
# Check if your installed toolkit is compatible
./docker/docker-compose-check.sh
# Building Docker images
docker compose build
# Run the application
# (see https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md for more info)
docker compose up -d
# Obtain admin credentials. The initializer can take up to 3 minutes to run.
# Use docker compose logs -f initializer to track its progress.
docker compose logs initializer | grep "Admin password:"- Official Docs
- REST APIs
- Client APIs and Wrappers
- Authentication options:
- Supported tools
- How to Write Documentation Locally
- Pro - SaaS or self-hosted (via K8s or docker compose). Speak to our team or sign-up for SaaS directly
- OS - docker compose
Checkout our new Community Portal and join the DefectDojo community on Slack!
Follow DefectDojo on LinkedIn, YouTube, and X for platform updates!
Please see our contributing guidelines for details and standards on contributing before considering or submitting a pull request.
Upgrade to DefectDojo Pro! Pro transcends the do-it-yourself approach of open-source: A new UI, risk-based vulnerability management, incredibile scalability, API connectors, ServiceNow, GitHub, GitLab, Azure DevOps, automatic data enrichment, prioritization, and more! See all the differentiators at the bottom of our pricing page: defectdojo.com/pricing.
Alternatively, for information please email [email protected]
DefectDojo is maintained by:
- Greg Anderson (@devGregA | LinkedIn)
- Matt Tesauro (@mtesauro | LinkedIn | @matt_tesauro)
Core Moderators can help you with pull requests or feedback on dev ideas:
Moderators can help you with pull requests or feedback on dev ideas:
- Blake Owens (@blakeaowens)
- Jannik Jürgens (@alles-klar) - Jannik was a long time contributor and moderator for DefectDojo and made significant contributions to many areas of the platform. Jannik was instrumental in pioneering and optimizing deployment methods.
- Valentijn Scholten (@valentijnscholten | Sponsor | LinkedIn) - Valentijn served as a core moderator for 3 years. Valentijn's contributions were numerous and extensive. He overhauled, improved, and optimized many parts of the codebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand wherever it was needed.
- Fred Blaise (@madchap | LinkedIn) - Fred served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized, and architected important policies and procedures.
- Aaron Weaver (@aaronweaver | LinkedIn) - Aaron has been a long time contributor and user of DefectDojo. He did the second major UI overhaul and his contributions include automation enhancements, CI/CD engagements, increased metadata at the product level, and many more.
- Jay Paz (@jjpaz) – Jay was a DefectDojo maintainer for years. He performed Dojo's first UI overhaul, optomized code structure/features, and added numerous enhancements.
- Charles Neill (@ccneill) – Charles served as a maintainer of DefectDojo for years and wrote some of Dojo's core functionality.
Please report Security issues via our disclosure policy.
DefectDojo is licensed under the BSD 3-Clause License
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}
![@dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?s=64&v=4){kind=small}