Product Hierarchy on DefectDojo Documentation

Product Hierarchy: Overview

Mon, 01 Jan 0001 00:00:00 +0000

DefectDojo uses five main data classes to organize your work: Product Types, Products, Engagements, Tests, and Findings.

DefectDojo is made to be flexible to conform to your team, rather than making your team conform to the tool. You’ll be able to design a robust, adaptable workspace once you understand how these data classes can be used to organize your work.

SLA Configuration

Mon, 01 Jan 0001 00:00:00 +0000

Each Product in DefectDojo can have its own Service Level Agreement (SLA) configuration, which represents the days your organization has to remediate or otherwise manage a Finding.

Link Findings to source code

Mon, 01 Jan 0001 00:00:00 +0000

Certain tools (particularly SAST tools) will include the associated file name and line number in vulnerability data. If the repository of the source code is specified in the Engagement, DefectDojo will present the filepath as a link and the user can navigate directly to the location of the vulnerability.

OWASP ASVS Benchmarks

Mon, 01 Jan 0001 00:00:00 +0000

DefectDojo supports benchmarking Products against the OWASP Application Security Verification Standard (ASVS), which provides a basis for testing web application technical security controls.

Product Health Grade

Mon, 01 Jan 0001 00:00:00 +0000

DefectDojo can calculate a grade for your Products based on the amount of Findings contained within. Grades are ranked from A - F.