View Issue Details

ID: 0006956
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2021-08-13 12:59
Reporter: devGregA
Assigned To:
Status: closed
Resolution: duplicate
Summary: 0006956: DefectDojo

[Name] - The name of the tool

OWASP DefectDojo

[Version] - What version of the tool should be added?


[Homepage] -

[Download] - Where to go to get the tool?
or - docker images are the easiest way to get the new releases.

[Author] - Who made the tool?

DefectDojo is maintained by a group:, but I am the original author.

[Licence] - How is the software distributed? What conditions does it come with?

BSD 3-Clause

[Description] - What is the tool about? What does it do?

Combines scan results from multiple scanners to consolidate metrics, make reporting easier, and remove duplicates / false positives using heuristic algorithms.

[Dependencies] - What is needed for the tool to work?

If docker is an option, only the docker images. We typically recommend adding the start up to Systemctl

[Similar tools] - What other tools are out there?

Threadfix, CodeDX, Dradis.

[Activity] - When did the project start? Is it still actively being deployed?

Approximately 7 years ago. Yes, actively maintained and continuing to grow. We're a flagship project under OWASP.

[How to install] - How do you compile it?

No compiling is necessary with the docker images.

Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.

[How to use] - What are some basic commands/functions to demonstrate it?

Example 1: Say you like using OpenVAS for scanning infrastructure and ZAP for applications. DefectDojo is an easy way to take the results from both and export one report without having to manually combine.
Example 2: Say you really like Burp Suite for finding some vulnerabilities, but you also like Arachni for others. You can ship the results from both into DefectDojo. Dojo will attempt to remove duplicates/overlap by looking at the endpoint/location and finding details.

[Packaged] - Is the tool already packaged for Debian?

There is not, but we have a maintainer who is familiar with Debian packaging and happy to assist.


duplicate of 0006898 resolved sbrun DefectDojo - open-source application vulnerability correlation and security orchestration tool.




2021-01-08 13:26

administrator   ~0014053

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~



2021-01-11 22:08

reporter   ~0014107

Thanks for getting back to me @g0tmi1k. Will review the packaging process and discuss with the team. Back with you shortly.



2021-01-17 06:31

reporter   ~0014117

We've reviewed and will take a first run at the packaging. Expecting to be able to complete it this week.



2021-04-12 21:51

reporter   ~0014461

All, sorry for the delay. We have made bandwidth and have started the effort.

Issue History

Date Modified Username Field Change
2020-12-30 03:48 devGregA New Issue
2021-01-08 13:24 g0tmi1k Summary Please Consider Adding OWASP DefectDojo => OWASP DefectDojo
2021-01-08 13:26 g0tmi1k Note Added: 0014053
2021-01-08 13:26 g0tmi1k Status new => acknowledged
2021-01-08 13:26 g0tmi1k Category New Tool Requests => Queued Tool Addition
2021-01-11 22:08 devGregA Note Added: 0014107
2021-01-17 06:31 devGregA Note Added: 0014117
2021-04-12 21:51 devGregA Note Added: 0014461
2021-08-13 12:58 g0tmi1k Summary OWASP DefectDojo => DefectDojo
2021-08-13 12:59 g0tmi1k Status acknowledged => closed
2021-08-13 12:59 g0tmi1k Resolution open => duplicate
2021-08-13 12:59 g0tmi1k Relationship added duplicate of 0006898