Home

Awesome

DefectDojo

<table> <tr styl="margin: 0; position: absolute; top: 50%; -ms-transform: translateY(-50%); transform: translateY(-50%);"> <th> <a href="https://opensourcesecurityindex.io/" target="_blank" rel="noopener"> <img style="width: 282px; height: 56px" src="https://opensourcesecurityindex.io/badge.svg" alt="Open Source Security Index - Fastest Growing Open Source Security Projects" width="282" height="56" /> </a> </th> <th> <p> <a href="https://www.owasp.org/index.php/OWASP_DefectDojo_Project"><img src="https://img.shields.io/badge/owasp-flagship%20project-orange.svg" alt="OWASP Flagship"></a> <a href="https://github.com/DefectDojo/django-DefectDojo/releases/latest"><img src="https://img.shields.io/github/release/DefectDojo/django-DefectDojo.svg" alt="GitHub release"></a> <a href="https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ"><img src="https://img.shields.io/badge/youtube-subscribe-%23c4302b.svg" alt="YouTube Subscribe"></a> <a href="https://twitter.com/defectdojo/"><img src="https://img.shields.io/twitter/follow/defectdojo.svg?style=social&amp;label=Follow" alt="Twitter Follow"></a> </p> <p> <a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/unit-tests.yml/badge.svg?branch=master" alt="Unit Tests"></a> <a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/integration-tests.yml/badge.svg?branch=master" alt="Integration Tests"></a> <a href="https://bestpractices.coreinfrastructure.org/projects/2098"><img src="https://bestpractices.coreinfrastructure.org/projects/2098/badge" alt="CII Best Practices"></a> </p> </th> </tr> </table>

Screenshot of DefectDojo

DefectDojo is a DevSecOps, ASPM (application security posture management), and vulnerability management tool. DefectDojo orchestrates end-to-end security testing, vulnerability tracking, deduplication, remediation, and reporting.

Demo

Try out DefectDojo on our demo server at demo.defectdojo.org

Log in with username admin and password 1Defectdojo@demo#appsec. Please note that the demo is publicly accessible and regularly reset. Do not put sensitive data in the demo.

Quick Start for Compose V2

From July 2023 Compose V1 stopped receiving updates.

Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose instead of docker-compose.

# Clone the project
git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo

# Building Docker images
./dc-build.sh

# Run the application (for other profiles besides postgres-redis see  
# https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md)
./dc-up-d.sh postgres-redis

# Obtain admin credentials. The initializer can take up to 3 minutes to run.
# Use docker compose logs -f initializer to track its progress.
docker compose logs initializer | grep "Admin password:"

For Docker Compose V1

You can run Compose V1 by editing the files below to add the hyphen (-) between docker compose.

     dc-build.sh
     dc-down.sh
     dc-stop.sh
     dc-unittest.sh
     dc-up-d.sh
     dc-up.sh
     docker/docker-compose-check.sh
     docker/entrypoint-initializer.sh
     docker/setEnv.sh

Navigate to http://localhost:8080 to see your new instance!

Documentation

Supported Installation Options

Community, Getting Involved, and Updates

<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/slack-logo-icon.png" alt="Slack" height="50"/> <img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/Linkedin-logo-icon-png.png" alt="LinkedIn" height="50"/> <img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/Twitter_Logo.png" alt="Twitter" height="50"/> <img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/YouTube-Emblem.png" alt="Youtube" height="50"/>

Join the OWASP Slack community and participate in the discussion! You can find us in our channel there, #defectdojo. Follow DefectDojo on Twitter, LinkedIn, and YouTube for project updates!

Contributing

:warning: We have instituted a feature freeze on v2 of DefectDojo as we begin work on v3. Please see our contributing guidelines for more information. Check out our latest update on v3 here.

Pro Edition

Upgrade to DefectDojo Pro today to take your DevSecOps to 11. DefectDojo Pro is designed to meet you wherever you are on your security journey and help you scale, with enhanced dashboards, additional smart features, tunable deduplication, and support from DevSecOps experts.

Alternatively, for information please email info@defectdojo.com

About Us

DefectDojo is maintained by:

Core Moderators can help you with pull requests or feedback on dev ideas:

Moderators can help you with pull requests or feedback on dev ideas:

Hall of Fame

Security

Please report Security issues via our disclosure policy.

License

DefectDojo is licensed under the BSD 3-Clause License