DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management.
While automation and efficiency are the ultimate end goals, DefectDojo is, at its core, a bug tracker for vulnerabilities. Taking advantage of DefectDojo’s Product:Engagement model enables traceability among multiple projects / test cycles and allows for fine-grained reporting.
The open-source edition is available on GitHub.
A running example is available on our demo server, using the credentials admin / 1Defectdojo@demo#appsec. Note: The demo server is refreshed regularly and provisioned with some sample data.
DefectDojo Inc. hosts a commercial edition of this software, which includes:
For more information, please visit defectdojo.com.
DefectDojo Inc. also maintains an updated Knowledge Base at https://support.defectdojo.com. The Knowledge Base is written to support DefectDojo’s Pro and Enterprise releases, but the tutorials and guides may also be applied to the open-source edition.
Follow DefectDojo Inc. on LinkedIn for updates. To get in touch with us, please reach out to info@defectdojo.com.