About Our Documentation
DefectDojo Inc. and open-source contributors maintain this documentation to support both the Community and Pro editions of DefectDojo.
What is DefectDojo?
DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools.
DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates.
DefectDojo also integrates with JIRA, provides metrics and reports, and can be used for traditional pen test management.
What does DefectDojo do?
Whether you’re a one-person security team for a small organization, or a CISO overseeing a large number of software projects, DefectDojo allows you to organize your security work and easily report your organization’s security posture to other stakeholders.
While security process automation and integrated development pipelines are the ultimate end goals of DefectDojo, this software is a bug tracker at its core for security vulnerabilities, which is meant to ingest, organize and standardize reports from many security tools.
DefectDojo’s Product:Engagement model allows you to take inventory of your development environment and immediately place new security Findings in context.
- Track and report on vulnerabilities and test results across repositories and development branches, using CI/CD integration
- Ingest Pen tester reports and capture point-in-time snapshots of your security profile
- Create and track Risk Acceptances for security vulnerabilities
- Set and enforce SLAs to reflect your organization’s policies for vulnerability remediation
- Filter out redundant data using DefectDojo’s deduplication algorithm
Here are some examples of ways DefectDojo can be implemented, with DefectDojo co-founder and CTO Matt Tesauro:
How does DefectDojo work?
Whether you’re a Pro or an Open-Source user, we have many resources that can help you get started with DefectDojo.
Our New User Checklist covers the fundamentals of setting up your DefectDojo environment and setting up your import, triage and reporting workflows.
We support a large number of security tool integrations to help fit DefectDojo into your DevSecOps program.
Our team maintains a YouTube Channel which hosts tutorials, archived Office Hours events and other content. New subscribers are always welcome!
Open-Source DefectDojo
The Open-Source edition of DefectDojo is available on GitHub.
Installation Guides
There are a few supported ways to install DefectDojo’s Open Source edition:
- Docker Compose is the easiest method to install the core program and services required to run DefectDojo.
- Kubernetes is not fully supported at the Open-Source level, but this guide can be referenced and used as a starting point to integrate DefectDojo into Kubernetes architecture.
Other guides for working with an Open-Source install:
- Architecture gives you an overview of each service and component used by DefectDojo.
- Running In Production provides system requirements, performance tweaks and maintenance processes for running DefectDojo on a production server. Note that this guide strictly covers Docker Compose installs, not Kubernetes.
If you run into trouble with an Open Source install, we highly recommend asking questions on the OWASP Slack. Our community members are active on the #defectdojo channel and can help you with issues you’re facing.
Online Demo
A running example of DefectDojo (Open-Source Edition) is available on our demo server, using the credentials admin / 1Defectdojo@demo#appsec. The demo server is refreshed regularly and provisioned with some sample data.
DefectDojo Pro Edition
DefectDojo Inc. hosts a commercial edition of this software, which includes:
- additional features, smart features and UI improvements
- cloud hosting, with regular backups, updates and maintenance
- premium support and implementation guidance
For more information, check out our Pricing page at defectdojo.com. After filling out a quick survey to assess your organization’s needs we’ll provide you with a custom quote for DefectDojo.
DefectDojo Pro edition is available as a cloud-hosted SaaS offering but is also available for installation on-premises.
Connect With Us
- To get in touch with our team, you can always reach out to info@defectdojo.com.
- Follow DefectDojo Inc. on LinkedIn for company updates.
- DefectDojo hosts online presentations for AppSec professionals that can be accessed live or on demand; check us out on our Events page. Many of these are also available on our YouTube Channel.