View Issue Details

ID: 0006956
Project: Kali Linux
Category: [All Projects] Queued Tool Addition
View Status: public
Last Update: 2021-01-17 06:31
Reporter: devGregA
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: acknowledged
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0006956: OWASP DefectDojo
Description:

[Name] - The name of the tool

OWASP DefectDojo

[Version] - What version of the tool should be added?

1.11.0

[Homepage] -

https://www.defectdojo.org/
https://github.com/DefectDojo/django-DefectDojo
https://defectdojo.readthedocs.io/en/latest/

[Download] - Where to go to get the tool?

https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.11.0
or
https://hub.docker.com/u/defectdojo - docker images are the easiest way to get the new releases.

[Author] - Who made the tool?

DefectDojo is maintained by a group: https://github.com/DefectDojo/django-DefectDojo#project-moderators, but I am the original author.

[Licence] - How is the software distributed? What conditions does it come with?

BSD 3-Clause
https://github.com/DefectDojo/django-DefectDojo/blob/master/LICENSE.md

[Description] - What is the tool about? What does it do?

Combines scan results from multiple scanners to consolidate metrics, make reporting easier, and remove duplicates / false positives using heuristic algorithms.

[Dependencies] - What is needed for the tool to work?

If docker is an option, only the docker images. We typically recommend adding the start up to Systemctl.

[Similar tools] - What other tools are out there?

Threadfix, CodeDX, Dradis.

[Activity] - When did the project start? Is it still actively being deployed?

Approximately 7 years ago. Yes, actively maintained and continuing to grow. We're a flagship project under OWASP.

[How to install] - How do you compile it?

No compiling is necessary with the docker images.

Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.

[How to use] - What are some basic commands/functions to demonstrate it?

Example 1: Say you like using OpenVAS for scanning infrastructure and ZAP for applications. DefectDojo is an easy way to take the results from both and export one report without having to manually combine.
Example 2: Say you really like Burp Suite for finding some vulnerabilities, but you also like Arachni for others. You can ship the results from both into DefectDojo. Dojo will attempt to remove duplicates/overlap by looking at the endpoint/location and finding details.

[Packaged] - Is the tool already packaged for Debian?

There is not, but we have a maintainer who is familiar with Debian packaging and happy to assist.

Activities

g0tmi1k

2021-01-08 13:26

administrator   ~0014053

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

devGregA

2021-01-11 22:08

reporter   ~0014107

Thanks for getting back to me @g0tmi1k. Will review the packaging process and discuss with the team. Back with you shortly.

devGregA

2021-01-17 06:31

reporter   ~0014117

We've reviewed and will take a first run at the packaging. Expecting to be able to complete it this week.

Issue History

Date Modified Username Field Change
2020-12-30 03:48 devGregA New Issue
2021-01-08 13:24 g0tmi1k Summary Please Consider Adding OWASP DefectDojo => OWASP DefectDojo
2021-01-08 13:26 g0tmi1k Note Added: 0014053
2021-01-08 13:26 g0tmi1k Status new => acknowledged
2021-01-08 13:26 g0tmi1k Category New Tool Requests => Queued Tool Addition
2021-01-11 22:08 devGregA Note Added: 0014107
2021-01-17 06:31 devGregA Note Added: 0014117