DefectDojo's Documentation


About DefectDojo

What is DefectDojo?

DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management.

What does DefectDojo do?

While automation and efficiency are the ultimate end goals, DefectDojo is, at its core, a bug tracker for vulnerabilities. Taking advantage of DefectDojo's Product:Engagement model enables traceability among multiple projects / test cycles and allows for fine-grained reporting.

How does DefectDojo work?

  1. Getting started covers how to install and configure DefectDojo.
  2. Usage covers how to use DefectDojo to manage vulnerabilities.
  3. We support a large number of integrations to help fit DefectDojo into your DevSecOps program.

Where to find DefectDojo?

Proprietary editions that include additional features and support can be purchased through

The open-source edition is available on GitHub.

A running example is available on our demo server, using the credentials admin / defectdojo@demo#appsec. Note: The demo server is refreshed regularly and provisioned with some sample data.

Follow us on LinkedIn for updates. To get in touch with us, please reach out to

Last modified March 17, 2023: Docs update master (#7837) (33370295f)