Get Started
DefectDojo has a variety of installation options.

Built by Application Security Engineers
DefectDojo is an open-source OWASP Flagship Project.
Take DefectDojo for a spin! A live demo is available.
Credentials for login.
Please note: The instance is reset every hour, and must be used for test purposes only, as all data is public.
- DefectDojo is available on GitHub.
- Check out our SaaS, which includes additional features and support.
Product Features

Automated Deduplication
DefectDojo has algorithms that learn over time to automatically reduce noise and distill results.
Integrate security testing with your CI/CD to instantly know the state of your software security.

CI/CD Automation and Tracking
Know exactly when new vulnerabilities are introduced in a build or remediated.
Use DefectDojo's API to record security tests that are run on each build.
DefectDojo can track the build ID, commit hash, branch or tag, orchestration server, source code repo and build server for every on-demand security test.

Vulnerability Management Features
DefectDojo provides reporting at every level, including tests, engagements, and products. DefectDojo offers a variety of metrics to gain visibility into vulnerability trends and insights within your organization.
Similar findings can be easily merged into a single finding to give developers all security issues in one ticket.
Remediation and finding templates can be created by CWE so that remediation advice is consistent across all reported findings. Build and customize remediation advice based on your company's requirements.
Set remediation SLAs based on the criticality of your findings and view the remainder of days to remediate.
Set thresholds for determining the grade of your product so that a scorecard of product health can be seen at a glance.

Track Vital Product Information
All text fields support markdown to allow customized detailed information on each product.
DefectDojo supports tracking source code language composition, technologies, regulations such as PCI and GDPR, criticality, lifecycle, origin, revenue, user records and platform to name a few.
Take Your DevSecOps to 11
Whether you're just starting your DevSecOps journey or you're a seasoned professional, the DefectDojo team can provide hands-on assistance with reaching your goals. Get in touch with us to discuss our commercial offerings.
More Features
ASVS Benchmarks
Track your product proactively using OWASP's ASVS (Application Security Verification Standard Project) scoring standard. ASVS provides several checklists for security maturity.
DefectDojo allows teams to review findings on an endpoint basis rather than an application basis, for teams that are infrastructure focused.
Custom Report Generation
If you need reporting for all of DefectDojo, a single product, a group of products or any subset of data, DefectDojo's filtering and report generation at multiple levels has you covered.
Credential Manager
Credentials can be stored for each engagement which both streamlines the security testing process and makes retesting a breeze.
Frequently Asked Questions
Why create DefectDojo?
As security professionals, prior to DefectDojo, we too struggled to manage our programs and resources. DefectDojo is the result of sharpening the use case for security professionals, by security professionals, for over 10 years.
What is DefectDojo's relationship with OWASP?
DefectDojo partners with the OWASP Foundation to release an open-source edition. The open-source edition is an OWASP Flagship Project.
Who uses DefectDojo?
DefectDojo is used worldwide, from large Fortune 100 companies to small businesses. The open-source edition of DefectDojo has 30M+ downloads.
Is hosting, custom integration, and commercial support available for DefectDojo?
Yes, please check out our SaaS, contact us through our website, or simply reach out to us via email.