DefectDojo's Documentation


What is DefectDojo?

DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management.

What does DefectDojo do?

While automation and efficiency are the ultimate end goals, DefectDojo is a bug tracker at its core for vulnerabilities. Taking advantage of DefectDojo’s Product:Engagement model, enables traceability among multiple projects / test cycles, and allows for fine-grained reporting.

How does DefectDojo work?

  1. Getting started covers how to install and configure DefectDojo.
  2. Usage covers how to use DefectDojo to manage vulnerabilities.
  3. We support a large amount of integrations to help fit DefectDojo in your DevSecOps program.

Where to find DefectDojo?

The open-source edition is available on GitHub.

A running example is available on our demo server, using the credentials admin / defectdojo@demo#appsec. Note: The demo server is refreshed regularly and provisioned with some sample data.

DefectDojo Pro and Enterprise

DefectDojo Inc. hosts a commercial edition of this software, which includes:

  • additional features, smart features and UI improvements
  • cloud hosting, with regular backups, updates and maintenance
  • premium support and implementation guidance

For more information, please visit

DefectDojo Inc. also maintains an updated Knowledge Base at The Knowledge Base is written to support DefectDojo’s Pro and Enterprise releases, but the tutorials and guides may also be applied to the open-source edition.

Follow DefectDojo Inc. on LinkedIn for updates. To get in touch with us, please reach out to