DefectDojo is a security tool that automates application security vulnerability management. DefectDojo streamlines the application security testing process by offering features such as importing third-party security findings, merging and de-duping, integration with Jira, templating, report generation and security metrics.
While traceability and metrics are the ultimate end goal, DefectDojo is a bug tracker at its core. Taking advantage of DefectDojo's Product:Engagement model enables traceability among multiple projects and test cycles and allows for fine-grained reporting.
The code is open source, and available on GitHub.
A running example is available on the demo server, using the credentials admin / defectdojo@demo#appsec. Note: The demo server is refreshed regularly and provisioned with some sample data.
You can also find videos of demos on our YouTube channel.