The main settings are all stored in dojo/settings/settings.dist.py
. It is great to use this file as a reference what can be configured, but it shouldn’t be edited directly, because changes would be overridden when updating DefectDojo. There are several methods to change the default settings:
Most of these parameters can be set by environment variables.
When you deploy DefectDojo via Docker Compose, you can set environment variables in docker-compose.yml
. Be aware you have to set the variables for three services: uwsgi
, celerybeat
and celeryworker
.
When you deploy DefectDojo in a Kubernetes cluster, you can set environment variables as extraConfigs
and extraSecrets
in helm/defectdojo/values.yaml
.
settings.dist.py
reads environment variables from a file whose name is specified in the environment variable DD_ENV_PATH
. If this variable is not set, the default .env.prod
is used. The file must be located in the dojo/settings
directory.
An example can be found in template_env
.
local_settings.py
can contain more complex customizations such as adding MIDDLEWARE or INSTALLED_APP entries.
This file is processed after settings.dist.py is processed, so you can modify settings delivered by Defect Dojo out of the box.
The file must be located in the dojo/settings
directory. Environment variables in this file must have no DD_
prefix.
If the file is missing feel free to create it. Do not edit settings.dist.py
directly.
An example can be found in dojo/settings/template-local_settings
.
In Docker Compose release mode, files in docker/extra_settings/
(relative to the file docker-compose.yml
) will be copied into dojo/settings/
in the docker container on startup.
Users with the superuser status can configure more options via the UI under Configuration
/ System Settings
.