OWASP Defectdojo

OWASP Flagship DefectDojo Github Stars


An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.

DefectDojo is an Application Security Program tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.


DefectDojo streamlines the testing process through several ‘models’ that an admin can manipulate with Python code. The core models include: ‘engagements’, ‘tests’ and ‘findings’. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python and Django.

Testing or installing DefectDojo is easy. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found here. The projects documentation can be found on Read The Docs.

OWASP DefectDojo is licensed under the BSD 3-Clause License