DefectDojo – Open-source Application Security Management

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.

The framework provides integrations with almost all security scanners and tools.

  • Vulnerability Management Features –
    • Various reports are available for tests, engagements and products. Products can be grouped into critical products to track products that are critical to your organization.
    • Similar findings can be easily merged into one finding to provide developers one finding instead of multiple findings.
    • Remediation and finding description templates can be created by CWE so that remediation advice is consistent across all reported findings. Build and customize remediation advice based on your company's requirements.
    • Set remediation timeframes based on the criticality of your findings and view the days remaining to remediate.
    • Set thresholds for determining the grade of your product so that a scorecard of product health can be seen at a glance.
  • CI/CD Automation and Tracking –
    • Know exactly when new vulnerabilities are introduced in a build or remediated.
    • Tracking when a product is assessed is easily accomplished using DefectDojo’s API to track security tests that are run on each build.
    • DefectDojo has the ability to track the build id, commit hash, branch or tag, orchestration server, source code repo and build server for every on-demand security test.
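The CI/CD tracking described above, as an added example that is not DefectDojo's own code: a CI step tags a scan import with build id, commit hash, branch and repository (the form field names are those of DefectDojo's `POST /api/v2/import-scan/` endpoint) and then classifies findings between two builds as new, still open or remediated. The host, token, engagement id, finding records and report filename are constructed placeholders.

```python
import hashlib

DOJO_URL = "https://defectdojo.example.internal"  # assumed host (placeholder)
API_TOKEN = "REPLACE-WITH-API-KEY"                # placeholder; keep real keys in CI secrets

def import_scan_fields(engagement_id, scan_type, build_id, commit_hash, branch_tag, repo_uri):
    """Form fields for POST /api/v2/import-scan/ (DefectDojo v2 API field names)."""
    return {
        "engagement": str(engagement_id),
        "scan_type": scan_type,
        "build_id": build_id,
        "commit_hash": commit_hash,
        "branch_tag": branch_tag,
        "source_code_management_uri": repo_uri,
        "minimum_severity": "Low",
        "active": "true",
    }

def finding_key(f):
    """Stable key: same weakness at the same location matches across builds."""
    raw = "|".join(str(f.get(k, "")) for k in ("title", "cwe", "file_path", "line"))
    return hashlib.sha256(raw.encode()).hexdigest()

def diff_builds(previous, current):
    """Return (new, still_open, remediated) between two builds' finding lists."""
    prev = {finding_key(f): f for f in previous}
    cur = {finding_key(f): f for f in current}
    new = [cur[k] for k in cur.keys() - prev.keys()]
    still_open = [cur[k] for k in cur.keys() & prev.keys()]
    remediated = [prev[k] for k in prev.keys() - cur.keys()]
    return new, still_open, remediated

# Constructed sample findings from two consecutive builds
BUILD_41 = [
    {"title": "SQL Injection", "cwe": 89, "file_path": "app/db.py", "line": 42},
    {"title": "Hardcoded Password", "cwe": 798, "file_path": "app/cfg.py", "line": 7},
]
BUILD_42 = [
    {"title": "SQL Injection", "cwe": 89, "file_path": "app/db.py", "line": 42},
    {"title": "Reflected XSS", "cwe": 79, "file_path": "app/views.py", "line": 118},
]

if __name__ == "__main__":
    import requests  # only needed for the real upload
    fields = import_scan_fields(12, "Bandit Scan", "42", "a1b2c3d", "main", "https://git.example.internal/app")
    with open("bandit-report.json", "rb") as fh:  # report written by the CI scan step
        requests.post(f"{DOJO_URL}/api/v2/import-scan/", data=fields, files={"file": fh},
                      headers={"Authorization": f"Token {API_TOKEN}"}).raise_for_status()
    new, still_open, fixed = diff_builds(BUILD_41, BUILD_42)
    print(f"new={len(new)} still_open={len(still_open)} remediated={len(fixed)}")
```

Failing the pipeline on `new` lets the build gate on newly introduced findings, while `remediated` confirms which findings the commit actually fixed.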

You can read more and download this framework over here:
