gitmyhub

django-DefectDojo

HTML ★ 4.8k updated 19h ago

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

DefectDojo is an open-source security vulnerability management platform that collects findings from scanning tools, deduplicates them, and helps teams track and remediate security issues in one central place.

Tags: Python, Django, Docker, Kubernetes, HTML. Setup: moderate. Complexity: 4/5.

DefectDojo is an open-source platform for tracking security vulnerabilities found in software applications. When a security scanning tool runs against your codebase or infrastructure and discovers problems, DefectDojo gives your team a central place to collect those findings, track their status, avoid recording the same issue twice, assign remediation work, and produce reports. The project is described as a DevSecOps and vulnerability management tool, meaning it is designed to fit into a software development workflow where security testing happens continuously alongside regular development.

The platform can ingest findings from a wide range of external security scanning tools. Instead of each tool producing its own separate report that someone must read and manually track, DefectDojo imports the results and deduplicates them, so a vulnerability found by multiple scanners only appears once. Teams can then manage the remediation process from within DefectDojo rather than switching between different tools and spreadsheets.

For setup, the README provides a quick Docker-based install: clone the repository, run one command, and the application starts. The initial setup takes about three minutes and generates an admin password that appears in the startup logs. A live demo is publicly available at a linked address, where anyone can log in and try uploading sample scan reports.

DefectDojo is an OWASP Flagship Project, which means the Open Web Application Security Project, a nonprofit focused on software security, officially recognizes it. The project has two tiers: a free open-source community edition available on GitHub, and a paid Pro edition with additional features like a redesigned interface, deeper integrations with platforms such as GitHub, GitLab, ServiceNow, and Azure DevOps, and a hosted SaaS option.

The repository is built with Django, a Python web framework, and can be deployed using Docker Compose or Kubernetes.

Where it fits