DefectDojo's Documentation


About DefectDojo

What is DefectDojo?

DefectDojo is a security tool that automates application security vulnerability management. DefectDojo streamlines the application security testing process by offering features such as importing third-party security findings, merging and de-duping, integration with Jira, templating, report generation and security metrics.

What does DefectDojo do?

While traceability and metrics are the ultimate end goal, DefectDojo is a bug tracker at its core. Taking advantage of DefectDojo's Product:Engagement model enables traceability among multiple projects and test cycles and allows for fine-grained reporting.

How does DefectDojo work?

  1. Getting started will tell you how to install and configure DefectDojo.
  2. Usage shows how to use DefectDojo to manage vulnerabilities.
  3. A lot of integrations help to fit DefectDojo into your environment.
  4. Contributing gives insights into how you can help to make DefectDojo even better.

Where to find DefectDojo?

The code is open source and available on GitHub.

A running example is available on the demo server, using the credentials admin / defectdojo@demo#appsec. Note: The demo server is refreshed regularly and provisioned with some sample data.

You can also find videos of demos on our YouTube channel.

Last modified February 1, 2023: Generic: Handle incorrect json (#7482) (7c7b57f)