OverviewAn open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.
DefectDojo is an Application Security Program tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.
DescriptionDefectDojo streamlines the testing process through several ‘models’ that an admin can manipulate with Python code. The core models include: ‘engagements’, ‘tests’ and ‘findings’. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python and Django.
Testing or installing DefectDojo is easy. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found
here. The projects documentation can be found on
Read The Docs.