|
|
|---|
DefectDojo is a DevSecOps, ASPM (application security posture management), and vulnerability management tool. DefectDojo orchestrates end-to-end security testing, vulnerability tracking, deduplication, remediation, and reporting.
Pro Edition: pro.demo.defectdojo.com
OWASP Community Edition: demo.defectdojo.org
Either demo enviornment can be logged into with username admin and password 1Defectdojo@demo#appsec. Please note that the demos are publicly accessible
and reset every day. Do not put sensitive data in the demo. An easy way to test DefectDojo is to upload some sample scan reports.
git clone http://github.com/DefectDojo/django-DefectDojo && cd django-DefectDojo && docker compose upThis quick start guide will do the following
- Clone the repository and change directories
- Start the application
- Obtain admin credentials in the initializer logs. The first initialization can take up to 3 minutes to run.
if running DefectDojo in detached mode via docker compose up -d, obtain admin credentials from the initializer logs with the command below. Please note, the initializer can take up to 3 minutes to run.
docker compose logs initializer | grep "Admin password:"
- Official Docs
- REST APIs
- Client APIs and Wrappers
- Authentication options:
- Supported tools
- How to Write Documentation Locally
- Development
- Pro - SaaS or self-hosted (via K8s or docker compose). Speak to our team or sign-up for SaaS directly
- OS - docker compose
Checkout our new Community Portal and join the DefectDojo community on Slack!
Follow DefectDojo on LinkedIn, YouTube, and X for platform updates!
Please see our contributing guidelines for details and standards on contributing before considering or submitting a pull request.
Upgrade to DefectDojo Pro! Pro transcends the do-it-yourself approach of open-source: A new UI, risk-based vulnerability management, incredibile scalability, API connectors, ServiceNow, GitHub, GitLab, Azure DevOps, automatic data enrichment, prioritization, and more! See all the differentiators at the bottom of our pricing page: defectdojo.com/pricing.
Alternatively, for information please email hello@defectdojo.com
DefectDojo is maintained by:
- Greg Anderson (@devGregA | LinkedIn)
- Matt Tesauro (@mtesauro | LinkedIn | @matt_tesauro)
Core Moderators can help you with pull requests or feedback on dev ideas:
Moderators can help you with pull requests or feedback on dev ideas:
- Blake Owens (@blakeaowens)
- Jannik Jürgens (@alles-klar) - Jannik was a long time contributor and moderator for DefectDojo and made significant contributions to many areas of the platform. Jannik was instrumental in pioneering and optimizing deployment methods.
- Valentijn Scholten (@valentijnscholten | Sponsor | LinkedIn) - Valentijn served as a core moderator for 3 years. Valentijn's contributions were numerous and extensive. He overhauled, improved, and optimized many parts of the codebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand wherever it was needed.
- Fred Blaise (@madchap | LinkedIn) - Fred served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized, and architected important policies and procedures.
- Aaron Weaver (@aaronweaver | LinkedIn) - Aaron has been a long time contributor and user of DefectDojo. He did the second major UI overhaul and his contributions include automation enhancements, CI/CD engagements, increased metadata at the product level, and many more.
- Jay Paz (@jjpaz) – Jay was a DefectDojo maintainer for years. He performed Dojo's first UI overhaul, optomized code structure/features, and added numerous enhancements.
- Charles Neill (@ccneill) – Charles served as a maintainer of DefectDojo for years and wrote some of Dojo's core functionality.
Please report Security issues via our disclosure policy.
DefectDojo is licensed under the BSD 3-Clause License