DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management.
While automation and efficiency are the ultimate end goals, DefectDojo is, at its core, a bug tracker for vulnerabilities. Taking advantage of DefectDojo’s Product:Engagement model enables traceability among multiple projects / test cycles and allows for fine-grained reporting.
The open-source edition is available on GitHub.
A running example is available on our demo server, using the credentials defectdojo@demo#appsec. Note: The demo server is refreshed regularly and provisioned with some sample data.