Outcomes

OWASP Defect Dojo


What is OWASP DefectDojo?

OWASP DefectDojo is an open source vulnerability management tool written in Python/Django. Its primary goal is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo does this by offering:

  • A templating system for vulnerabilities
  • Baseline self-service tools
  • Imports for common vulnerability scanners
  • Report generation
  • Metrics

DefectDojo collects vulnerabilities in a single system. It enables a testing pipeline, currently with manual collection/entry, some upload functions, and parsers for the output of known scanners. If multiple tests are run on the same application, DefectDojo can deduplicate findings for a simpler overview.

DefectDojo Roadmap and Requirements

More organizations are using DefectDojo as their go-to tool for vulnerability management. It is important to keep the project in line with current technology trends such as an API-first design, GitHub issue support, and a uniform deployment strategy.

Specific actions planned are:

  • Add Scan Integration 2.0 (uploads to APIs)
  • Test new API v2 to cover all use cases
  • Add the ability for Dojo to check for and apply updates
  • Add support for GitHub Issues
  • A more readable code base with PEP8 standards

To use DefectDojo on a broader scale, we also need to improve the production-grade code quality:

  • Application of model changes
  • Data model (use case documentation, relationships, etc.)
  • Performance aspects
  • Test coverage
  • Production deployment best practices

We also need better ways to collaborate and to handle code merges into the master branch.

References

  • Session page: https://open-security-summit.org/tracks/devsecops/working-sessions/owasp-defect-dojo/


Session organiser(s)

Imran Mohammed A, Manuel Jeckelmann

Participants

Francois Raynaud, Franziska Buehler, Abhinav Sejpal, Jonas Vanalderweireldt, Manuel Jeckelmann, Paul Dubourg, Peter Turczak, Radu Tighineanu, Sven Schleier, Tanya Janca, Cao Wei, Ernesto Bethencourt, Harmeet Singh, MrsYisWhy, Mustaqiim Muhar, Sophie Tonnoir, Sugumaran Uppili
