/django-DefectDojo

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Primary LanguageHTMLBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

DefectDojo

OWASP Flagship GitHub release YouTube Subscribe Twitter Follow

Build Status Documentation Status CII Best Practices

Screenshot of DefectDojo

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.

Quick Start

git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo
# building
docker-compose build
# running
docker-compose up
# obtain admin credentials
docker-compose logs initializer | grep "Admin password:"

Navigate to http://localhost:8080.

Documentation

For detailed documentation you can visit Read the Docs.

Supported Installation Options

Getting Started

We recommend checking out the about document to learn the terminology of DefectDojo and the getting started guide for setting up a new installation. We've also created some example workflows that should give you an idea of how to use DefectDojo for your own team.

REST APIs

** Deprecation notice ** apiv1 is deprecated and EOS is on 12-31-2020. EOL is planned for 06-30-2021. Please move on to apiv2 and raise issues for any unsupported operations.

Defectdojo can be accessed through a Swagger REST API. Please see the API documentation or the in-app Swagger documentation.

Client APIs and wrappers

This section presents different ways to programmatically interact with DefectDojo APIs.

See Wrappers

Release and branch model

See Release and branch model

Support, Bug Reports and Getting Involved

Please come to our Slack channel first, where we can try to help you or point you in the right direction:

Slack

Realtime discussion is done in the OWASP Slack Channel, #defectdojo. Get Access.

Social Media

Twitter

DefectDojo Twitter Account tweets project updates and changes.

Available Plugins

Engagement Surveys – A plugin that adds answerable surveys to engagements.

LDAP Integration

SAML Integration

Multi-Factor Auth

About Us

DefectDojo is maintained by:

Project Moderators

Project Moderators can help you with pull requests or feedback on dev ideas.

Hall of Fame

  • Charles Neill (@ccneill) – Charles served as a DefectDojo Maintainer for years and wrote some of Dojo's core functionality.
  • Jay Paz (@jjpaz) – Jay was a DefectDojo maintainer for years. He performed Dojo's first UI overhaul, optimized code structure/features, and added numerous enhancements.

Contributing

We greatly appreciate all of our contributors.

More info: Contributing guideline

We would also like to highlight the contributions from Michael Dong and Fatimah Zohra who contributed to DefectDojo before it was open source.

Swag Rewards

If you fix an issue with the swag reward tag, we'll send you a shirt and some stickers!

Dojo tshirt front

Support

Proceeds are used for testing, infrastructure, etc.

PayPal

Sponsors

Xing 10Security GCSecurity ISAAC Timo-Pagel SDA-SE Signal-Iduna WSO2 CloudBees

Interested in becoming a sponsor and having your logo displayed? Please review our sponsorship information or email greg.anderson@owasp.org

License

DefectDojo is licensed under the BSD Simplified license