OWASP Defect Dojo

Track: DevSecOps
When: Tue AM-1
Where: Maulden
Organizers: Imran Mohammed A, Manuel Jeckelmann
Participants: Francois Raynaud, Franziska Buehler, Abhinav Sejpal, Jonas Vanalderweireldt, Manuel Jeckelmann, Paul Dubourg, Peter Turczak, Radu Tighineanu, Sven Schleier, Tanya Janca
Remote Participants: Cao Wei, Ernesto Bethencourt, Harmeet Singh, MrsYisWhy, Mustaqiim Muhar, Sophie Tonnoir, Sugumaran Uppili

An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.

DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.

Why and What

DefectDojo streamlines the security testing process through several ‘models’ that an admin can manipulate with Python code. More and more organizations are using Defect Dojo as their go-to tool for vulnerability management. Hence, it's important to keep the project current with the latest technology trends, such as an API-first approach, GitHub Issue support, a uniform deployment strategy, and many more modern features. This working session aims to discuss and add new features to Defect Dojo.

Outcomes

  • Add Scan Integration 2.0, which is focused on shifting our integration with uploads to APIs
  • Test new API v2 to cover all use cases
  • Add the ability for Dojo to check for and apply updates
  • Add support for GitHub Issues
  • A more readable code base with pep8 standards

More details are available at https://github.com/DefectDojo/django-DefectDojo/projects/5

Who

The target audiences for this Working Session are:

  • Security professionals
  • DevSecOps professionals
  • Developers
  • Security champions
  • Security-aware individuals and companies

Working materials

  • https://github.com/DefectDojo/django-DefectDojo
  • https://www.owasp.org/index.php/OWASP_DefectDojo_Project

Register as participant

To register as a participant, add OWASP Defect Dojo to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

