OWASP DefectDojo


Overview

DefectDojo is a single platform to orchestrate end-to-end security testing, vulnerability tracking, deduplication, remediation, and reporting. The project was started in 2013 and the open source version was released in 2015.

Our open platform transforms security information management, connecting security strategy and informed execution for intelligent risk management. Security and DevSecOps teams can aggregate, automate, and integrate data from more than 200 security tools for a unified view of security posture and compliance, streamlined workflows, and improved decision-making.

Automate the tools you currently use, combine findings, and apply templates for SLAs and mitigation, all tracked to the product or product groups you define. Track unique vulnerabilities across builds, releases, endpoints, repositories and engagements. DefectDojo algorithms learn over time to automatically group findings and apply changes.

DefectDojo was created by security pros for security pros to provide maximum results with minimum human intervention.

Description

DefectDojo streamlines the testing process with a flexible data model that gives you the ability to iterate and drive immediate value. The data model has four core components: Product, Engagement, Tests, and Findings (Endpoints). Additionally, DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python and Django.
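The following is an added illustration of the four-level data model described above (Product, Engagement, Test, Finding) and of the cross-build deduplication mentioned in the overview; it is example code, not DefectDojo's own source or its actual deduplication algorithm. The hash key fields (title, CWE, file path, line) and the sample findings are constructed assumptions; DefectDojo configures the hash fields per scanner type.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Finding:
    """One vulnerability instance reported by a scanner."""
    title: str
    severity: str
    cwe: int
    file_path: str
    line: int

    def hash_code(self) -> str:
        # Constructed dedup key for this example; the real fields are configured per tool.
        raw = f"{self.title}|{self.cwe}|{self.file_path}|{self.line}"
        return hashlib.sha256(raw.encode()).hexdigest()


@dataclass
class Test:
    """A single scanner run (one tool, one point in time) inside an engagement."""
    scan_type: str
    findings: list[Finding] = field(default_factory=list)


@dataclass
class Engagement:
    """A testing effort against a product, e.g. one CI build or a pentest."""
    name: str
    tests: list[Test] = field(default_factory=list)


@dataclass
class Product:
    """The application being tracked; the root of the hierarchy."""
    name: str
    engagements: list[Engagement] = field(default_factory=list)


def import_scan(product: Product, engagement_name: str, scan_type: str,
                findings: list[Finding]) -> Engagement:
    """Attach a scanner run to the named engagement, creating the engagement if needed."""
    eng = next((e for e in product.engagements if e.name == engagement_name), None)
    if eng is None:
        eng = Engagement(engagement_name)
        product.engagements.append(eng)
    eng.tests.append(Test(scan_type, list(findings)))
    return eng


def deduplicate(product: Product) -> dict[str, list[tuple[str, Finding]]]:
    """Map each unique hash to the (engagement name, finding) occurrences behind it."""
    groups: dict[str, list[tuple[str, Finding]]] = {}
    for eng in product.engagements:
        for test in eng.tests:
            for f in test.findings:
                groups.setdefault(f.hash_code(), []).append((eng.name, f))
    return groups


def unique_finding_count(product: Product) -> int:
    """Number of distinct vulnerabilities across every engagement of the product."""
    return len(deduplicate(product))


def compare_engagements(product: Product, previous: str, current: str) -> dict[str, int]:
    """Classify the current engagement's findings relative to the previous one."""
    def hashes(name: str) -> set[str]:
        eng = next(e for e in product.engagements if e.name == name)
        return {f.hash_code() for t in eng.tests for f in t.findings}
    prev, cur = hashes(previous), hashes(current)
    return {
        "new": len(cur - prev),          # first seen in the current build
        "reappearing": len(cur & prev),  # still present, same unique finding
        "mitigated": len(prev - cur),    # no longer reported by the scanner
    }


def demo_product() -> Product:
    """Constructed sample data: two CI builds scanned with the same (hypothetical) SAST tool."""
    sqli = Finding("SQL injection", "High", 89, "app/db.py", 42)
    xss = Finding("Reflected XSS", "Medium", 79, "app/views.py", 118)
    secret = Finding("Hard-coded secret", "High", 798, "app/config.py", 7)
    ssrf = Finding("Server-side request forgery", "High", 918, "app/fetch.py", 33)
    product = Product("payments-api")
    import_scan(product, "build-41", "sast-scanner", [sqli, xss, secret])
    # build 42: the hard-coded secret was removed and a new SSRF finding appeared
    import_scan(product, "build-42", "sast-scanner", [sqli, xss, ssrf])
    return product


if __name__ == "__main__":
    p = demo_product()
    print("unique findings:", unique_finding_count(p))
    print(compare_engagements(p, "build-41", "build-42"))
```

Running the module reports four unique findings across the two builds, and the build comparison shows one new, two reappearing and one mitigated finding, which is the kind of per-build tracking the overview describes.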

Testing or installing DefectDojo is easy and automated. When you’re ready to set up an instance of Dojo for your organization, we have a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found here. The project’s documentation can be found on the documentation site.

OWASP DefectDojo is licensed under the BSD 3-Clause License.