Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/DefectDojo/django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://github.com/DefectDojo/django-DefectDojo

analytics appsec automation devsecops django hacktoberfest kubernetes owasp python security security-automation security-orchestration vulnerability-correlation vulnerability-databases vulnerability-management

Last synced: about 2 months ago
JSON representation

DevSecOps, ASPM, Vulnerability Management. All on one platform.

Host: GitHub
URL: https://github.com/DefectDojo/django-DefectDojo
Owner: DefectDojo
License: bsd-3-clause
Created: 2015-02-19T17:53:47.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2024-04-13T20:14:35.000Z (5 months ago)
Last Synced: 2024-04-13T21:26:27.124Z (5 months ago)
Topics: analytics, appsec, automation, devsecops, django, hacktoberfest, kubernetes, owasp, python, security, security-automation, security-orchestration, vulnerability-correlation, vulnerability-databases, vulnerability-management
Language: HTML
Homepage: https://defectdojo.com
Size: 138 MB
Stars: 3,370
Watchers: 208
Forks: 1,447
Open Issues: 286
Metadata Files:
- Readme: README.md
- License: LICENSE.md
- Security: SECURITY.md

Awesome Lists containing this project

Awesome - Django-DefectDojo - DefectDojo is a DevSecOps and vulnerability management tool. (Development / VoIP)
DevSecOps - https://github.com/DefectDojo/django-DefectDojo - DefectDojo?style=for-the-badge) | (Orchestration)
awesome-cloudops - DefectDojo - DefectDojo?label=%E2%AD%90%EF%B8%8F&logo=github" alt="Stars"><br><img align="right" src="https://img.shields.io/github/issues-raw/DefectDojo/django-DefectDojo" alt="Issues"><br><img align="right" src="https://img.shields.io/github/last-commit/DefectDojo/django-DefectDojo">](https://github.com/DefectDojo/django-DefectDojo) | | Security, App Security, Monitoring, Audit | DefectDojo is a DevSecOps and vulnerability management tool. | (Tools)
awesome-software-supply-chain-security - DefectDojo/django-DefectDojo: DefectDojo is a DevSecOps and vulnerability management tool.
awesome-devsecops-russia - DefectDojo
awesome-hacking-lists - DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform. (HTML)
starred-awesome - django-DefectDojo - DefectDojo is an open-source application vulnerability correlation and security orchestration application (Python)
awesome-software-supply-chain-security - DefectDojo - ![GitHub stars](https://img.shields.io/github/stars/DefectDojo/django-DefectDojo?style=flat-square) - A security orchestration and vulnerability management platform. (Cloud Security Posture Management)

README

        # DefectDojo

    

        

            

                

            

        

        

            


                

                

                

                

            

            

                

                

                

            

        

    

 

![Screenshot of DefectDojo](https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/screenshot1.png)

[DefectDojo](https://www.defectdojo.com/) is a DevSecOps, ASPM (application security posture management), and

vulnerability management tool.  DefectDojo orchestrates end-to-end security testing, vulnerability tracking,

deduplication, remediation, and reporting.

## Demo

Try out DefectDojo on our demo server at [demo.defectdojo.org](https://demo.defectdojo.org)

Log in with username `admin` and password `1Defectdojo@demo#appsec`. Please note that the demo is publicly accessible

and regularly reset. Do not put sensitive data in the demo.

## Quick Start for Compose V2

From July 2023 Compose V1 [stopped receiving updates](https://docs.docker.com/compose/reference/).

Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous

docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using

`docker compose` instead of `docker-compose`.

```sh

# Clone the project

git clone https://github.com/DefectDojo/django-DefectDojo

cd django-DefectDojo

# Building Docker images

./dc-build.sh

# Run the application (for other profiles besides postgres-redis see  

# https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md)

./dc-up-d.sh postgres-redis

# Obtain admin credentials. The initializer can take up to 3 minutes to run.

# Use docker compose logs -f initializer to track its progress.

docker compose logs initializer | grep "Admin password:"

```

## For Docker Compose V1

You can run Compose V1 by editing the files below to add the hyphen (-) between `docker compose`. 

```sh

     dc-build.sh

     dc-down.sh

     dc-stop.sh

     dc-unittest.sh

     dc-up-d.sh

     dc-up.sh

     docker/docker-compose-check.sh

     docker/entrypoint-initializer.sh

     docker/setEnv.sh

```

Navigate to `http://localhost:8080` to see your new instance!

## Documentation

* [Official Docs](https://documentation.defectdojo.com/)

    * [Docs for our `dev` branch](https://documentation.defectdojo.com/dev/)

* [REST APIs](https://documentation.defectdojo.com/integrations/api-v2-docs/)

* [Client APIs and Wrappers](https://documentation.defectdojo.com/integrations/api-v2-docs/#clients--api-wrappers)

* Authentication options:

    * [OAuth2/SAML2](https://documentation.defectdojo.com/integrations/social-authentication/)

    * [LDAP](https://documentation.defectdojo.com/integrations/ldap-authentication/)

* [Supported tools](https://documentation.defectdojo.com/integrations/parsers/)

## Supported Installation Options

* [Docker / Docker Compose](readme-docs/DOCKER.md)

* [SaaS](https://www.defectdojo.com/pricing) - Includes Support & Supports the Project

* [AWS AMI](https://aws.amazon.com/marketplace/pp/prodview-m2a25gr67xbzk) - Supports the Project

## Community, Getting Involved, and Updates

[](https://owasp.org/slack/invite)

[](https://www.linkedin.com/company/defectdojo)

[](https://twitter.com/defectdojo)

[](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ)

[Join the OWASP Slack community](https://owasp.org/slack/invite) and participate in the discussion! You can find us in

our channel there, [#defectdojo](https://owasp.slack.com/channels/defectdojo). Follow DefectDojo on

[Twitter](https://twitter.com/defectdojo), [LinkedIn](https://www.linkedin.com/company/defectdojo), and

[YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates!

## Contributing

:warning: We have instituted a [feature freeze](https://github.com/DefectDojo/django-DefectDojo/discussions/8002) on v2

of DefectDojo as we begin work on v3. Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for more

information. Check out our latest update on v3 [here](https://github.com/DefectDojo/django-DefectDojo/discussions/8974).

## Pro Edition

[Upgrade to DefectDojo Pro](https://www.defectdojo.com/pricing) today to take your DevSecOps to 11. DefectDojo Pro is

designed to meet you wherever you are on your security journey and help you scale, with enhanced dashboards, additional

smart features, tunable deduplication, and support from DevSecOps experts.

Alternatively, for information please email [email protected]

## About Us

DefectDojo is maintained by:

* Greg Anderson ([@devGregA](https://github.com/devgrega) | [LinkedIn](https://www.linkedin.com/in/g-anderson/))

* Matt Tesauro ([@mtesauro](https://github.com/mtesauro) | [LinkedIn](https://www.linkedin.com/in/matttesauro/) |

  [@matt_tesauro](https://twitter.com/matt_tesauro))

Core Moderators can help you with pull requests or feedback on dev ideas:

* Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [LinkedIn](https://www.linkedin.com/in/cody-maffucci))

Moderators can help you with pull requests or feedback on dev ideas:

* Damien Carol ([@damiencarol](https://github.com/damiencarol) | [LinkedIn](https://www.linkedin.com/in/damien-carol/))

* Jannik Jürgens ([@alles-klar](https://github.com/alles-klar))

* Dubravko Sever ([@dsever](https://github.com/dsever))

* Charles Neill ([@cneill](https://github.com/cneill) | [@ccneill](https://twitter.com/ccneill))

* Jay Paz ([@jjpaz](https://twitter.com/jjpaz))

* Blake Owens ([@blakeaowens](https://github.com/blakeaowens))

## Hall of Fame

* Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) |

  [Sponsor](https://github.com/sponsors/valentijnscholten) |

  [LinkedIn](https://www.linkedin.com/in/valentijn-scholten/)) - Valentijn served as a core moderator for 3 years.

  Valentijn’s contributions were numerous and extensive. He overhauled, improved, and optimized many parts of the

  codebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand wherever

  it was needed.

* Fred Blaise ([@madchap](https://github.com/madchap) | [LinkedIn](https://www.linkedin.com/in/fredblaise/)) - Fred

  served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized,

  and architected important policies and procedures.

* Aaron Weaver ([@aaronweaver](https://github.com/aaronweaver) | [LinkedIn](https://www.linkedin.com/in/aweaver/)) -

  Aaron has been a long time contributor and user of DefectDojo. He did the second major UI overhaul and his

  contributions include automation enhancements, CI/CD engagements, increased metadata at the product level, and many

  more.

## Security

Please report Security issues via our [disclosure policy](readme-docs/SECURITY.md).

## License

DefectDojo is licensed under the [BSD 3-Clause License](LICENSE.md)