Open Source DevSecOps

The leading application vulnerability management tool.
Built for both DevSecOps and traditional application security.

Get Started

DefectDojo has a variety of installation options.

Built by Application Security Engineers

DefectDojo is an open-source OWASP Flagship Project.

Take DefectDojo for a spin! A live demo is available. Credentials for login.
Please note: The instance is reset every hour, and must be used for test purposes only, as all data is public.

Product Features

Vulnerability Management

DefectDojo integrates with 150+ security tools.

JIRA Integration

DefectDojo has bi-directional integration with JIRA.

Automated Deduplication

DefectDojo has algorithms that learn over time to automatically reduce noise and distill results.

CI/CD

Integrate security testing with your CI/CD to instantly know the state of your software security.

CI/CD Automation and Tracking

Know exactly when new vulnerabilities are introduced in a build or remediated.

Use DefectDojo's API to record security tests that are run on each build.

DefectDojo can track the build ID, commit hash, branch or tag, orchestration server, source code repo and build server for every on-demand security test.

Vulnerability Management Features

DefectDojo provides reporting at every level, including tests, engagements, and products. DefectDojo offers a variety of metrics to gain visibility into vulnerability trends and insights within your organization.

Similar findings can be easily merged into a single finding to provide developers all security issues in one ticket.

Remediation and finding templates can be created by CWE so that remediation advice is consistent across all reported findings. Build and customize remediation advice based on your company's requirements.

Set remediation SLAs based on the criticality of your findings and view the number of days remaining to remediate.

Set thresholds for determining the grade of your product so that a scorecard of product health can be seen at a glance.

Track Vital Product Information

All text fields support markdown to allow customized detailed information on each product.

DefectDojo supports tracking source code language composition, technologies, regulations such as PCI and GDPR, criticality, lifecycle, origin, revenue, user records and platform, to name a few.

Take Your DevSecOps to 11

Whether you're just starting your DevSecOps journey or you're a seasoned professional, the DefectDojo team can provide hands-on assistance with reaching your goals. Get in touch with us to discuss our commercial offerings.

More Features

ASVS Benchmarks

Track your product proactively using OWASP's ASVS (Application Security Verification Standard Project) scoring standard. ASVS provides several checklists for security maturity.

Endpoints

DefectDojo allows teams to review findings on an endpoint basis rather than an application basis, for teams that are infrastructure focused.

Custom Report Generation

If you need reporting for all of DefectDojo, a single product, a group of products or any subset of data, DefectDojo's filtering and report generation at multiple levels has you covered.

Credential Manager

Credentials can be stored for each engagement which both streamlines the security testing process and makes retesting a breeze.

Frequently Asked Questions