I’m happy to announce the latest version of a project that the Security Engineering team at Rackspace has been working on: DefectDojo! DefectDojo is an open source defect tracking system that was created by our team to keep up with security engagements, but it can be useful for tracking any type of application testing. It supports functionality like Finding templates, PDF report generation, metrics graphs, charts, and some self-service tools for doing port scans, for example.

Checking out DefectDojo

To get the latest version, you can download a zip file or view the source on Github. Want to check out a demo before installing it on your machine? We have you covered.

Login as admin:

Login as product owner / non-staff user:

Getting Started

If you’re new to DefectDojo, we have an in-depth installation guide for Ubuntu and a Vagrant installation guide as well. See the getting started guide to learn the fundamentals of working with DefectDojo, and if you want a primer on the terminology used in the app, check out the about file for some examples. If you start using DefectDojo and find something you’d like to add, check out the contributing file. We love pull requests!

Changes in 1.0.2

With version 1.0.2, we have decided to use the Simplified BSD license instead of the Creative Commons license under which it was originally released. The new version brings some changes to the way Endpoints work, making them a distinct model that can be referenced within searches/filters and more. Giving non-staff users access to Products now lets them see Endpoints and Findings for those Products. They can also set up port scans for their Products, view metrics, and generate reports.

You can check out the full changelog on Github to see what other goodies we have in store for you with v1.0.2, as well as instructions for migrating your existing Endpoints to the new format.

Contact Us

DefectDojo is maintained by Jay Paz, Greg Anderson, and myself. We’d love to hear what you think!