Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 13,388 Commits
.github		.github
components		components
docker		docker
docs		docs
dojo		dojo
helm/defectdojo		helm/defectdojo
nginx		nginx
readme-docs		readme-docs
tests		tests
unittests		unittests
.dockerignore		.dockerignore
.dryrunsecurity.yaml		.dryrunsecurity.yaml
.gitignore		.gitignore
.gitmodules		.gitmodules
Dockerfile.django-alpine		Dockerfile.django-alpine
Dockerfile.django-debian		Dockerfile.django-debian
Dockerfile.integration-tests-debian		Dockerfile.integration-tests-debian
Dockerfile.nginx-alpine		Dockerfile.nginx-alpine
LICENSE.md		LICENSE.md
NOTICE		NOTICE
README.md		README.md
SECURITY.md		SECURITY.md
app.json		app.json
ct.yaml		ct.yaml
docker-compose.override.dev.yml		docker-compose.override.dev.yml
docker-compose.override.https.yml		docker-compose.override.https.yml
docker-compose.override.integration_tests.yml		docker-compose.override.integration_tests.yml
docker-compose.override.unit_tests.yml		docker-compose.override.unit_tests.yml
docker-compose.override.unit_tests_cicd.yml		docker-compose.override.unit_tests_cicd.yml
docker-compose.yml		docker-compose.yml
fixture-updater		fixture-updater
manage.py		manage.py
requirements-dev.txt		requirements-dev.txt
requirements-lint.txt		requirements-lint.txt
requirements.txt		requirements.txt
ruff.toml		ruff.toml
run-integration-tests.sh		run-integration-tests.sh
run-unittest.sh		run-unittest.sh
wsgi.py		wsgi.py
wsgi_params		wsgi_params

Repository files navigation

DefectDojo

Open Source Security Index - Fastest Growing Open Source Security Projects

DefectDojo is a DevSecOps, ASPM (application security posture management), andvulnerability management tool. DefectDojo orchestrates end-to-end security testing, vulnerability tracking,deduplication, remediation, and reporting.

Demo

Pro Edition:pro.demo.defectdojo.com

Community Edition:demo.defectdojo.org

Either demo enviornment can be logged into with usernameadmin and password1Defectdojo@demo#appsec. Please note that the demos are publicly accessibleand reset every day. Do not put sensitive data in the demo. An easy way to test DefectDojo is to upload somesample scan reports.

Quick Start for Compose V2

From July 2023 Compose V1stopped receiving updates.

Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previousdocker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, usingdocker compose instead ofdocker-compose.

# Clone the projectgit clone https://github.com/DefectDojo/django-DefectDojocd django-DefectDojo# Check if your installed toolkit is compatible./docker/docker-compose-check.sh# Building Docker imagesdocker compose build# Run the application# (see https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md for more info)docker compose up -d# Obtain admin credentials. The initializer can take up to 3 minutes to run.# Use docker compose logs -f initializer to track its progress.docker compose logs initializer| grep"Admin password:"

For Docker Compose V1

You can run Compose V1 by callingdocker-compose (by adding the hyphen (-) betweendocker compose).

Following commands are using original version so you might need to adjust them:

docker/docker-compose-check.shdocker/entrypoint-initializer.shdocker/setEnv.sh

Navigate tohttp://localhost:8080 to see your new instance!

Documentation

Official Docs
REST APIs
Client APIs and Wrappers
Authentication options:
- OAuth2/SAML2
- LDAP
Supported tools
How to Write Documentation Locally

Supported Installation Options

SaaS - New UI, addittional features, includes support & supports the project
Docker / Docker Compose

Community, Getting Involved, and Updates

Join the OWASP Slack Community and participate in the discussion! You can find us inour channel there,#defectdojo. Follow DefectDojo onTwitter,LinkedIn, andYouTube for project updates!

Contributing

Please see ourcontributing guidelines for details and standards on contributingbefore considering or submitting a pull request.

Pro Edition

Upgrade to DefectDojo Pro! Pro transcends the do-it-yourself approach of open-source: A new UI, incredibile scalability, API connectors, ServiceNow, GitHub, GitLab, Azure DevOps, automatic data enrichment, prioritization, and more! See all the differentiators at the bottom of our pricing page:defectdojo.com/pricing.

Alternatively, for information please emailhello@defectdojo.com

About Us

DefectDojo is maintained by:

Greg Anderson (@devGregA |LinkedIn)
Matt Tesauro (@mtesauro |LinkedIn |@matt_tesauro)

Core Moderators can help you with pull requests or feedback on dev ideas:

Cody Maffucci (@Maffooch |LinkedIn)

Moderators can help you with pull requests or feedback on dev ideas:

Charles Neill (@cneill |@ccneill)
Blake Owens (@blakeaowens)

Hall of Fame

Jannik Jürgens (@alles-klar) - Jannik was a long time contributor and moderator forDefectDojo and made significant contributions to many areas of the platform. Jannik was instrumental in pioneeringand optimizing deployment methods.
Valentijn Scholten (@valentijnscholten |Sponsor |LinkedIn) - Valentijn served as a core moderator for 3 years.Valentijn's contributions were numerous and extensive. He overhauled, improved, and optimized many parts of thecodebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand whereverit was needed.
Fred Blaise (@madchap |LinkedIn) - Fredserved as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized,and architected important policies and procedures.
Aaron Weaver (@aaronweaver |LinkedIn) -Aaron has been a long time contributor and user of DefectDojo. He did the second major UI overhaul and hiscontributions include automation enhancements, CI/CD engagements, increased metadata at the product level, and manymore.