View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006956||Kali Linux||[All Projects] Queued Tool Addition||public||2020-12-30 03:48||2021-04-12 21:51|
|Target Version||Fixed in Version|
|Summary||0006956: OWASP DefectDojo|
|Description||[Name] - The name of the tool|
[Version] - What version of the tool should be added?
[Download] - Where to go to get the tool?
https://hub.docker.com/u/defectdojo - docker images are the easiest way to get the new releases.
[Author] - Who made the tool?
DefectDojo is maintained by a group: https://github.com/DefectDojo/django-DefectDojo#project-moderators, but I am the original author.
[Licence] - How is the software distributed? What conditions does it come with?
[Description] - What is the tool about? What does it do?
Combines scan results from multiple scanners to consolidate metrics, make reporting easier, and remove duplicates / false positive using heuristic algorithms.
[Dependencies] - What is needed for the tool to work?
If docker is an option, only the docker images. We typically recommend adding the start up to Systemctl
[Similar tools] - What other tools are out there?
Threadfix, CodeDX, Dradis.
[Activity] - When did the project start? Is is still actively being deployed?
Approximately 7 years ago. Yes, actively maintained and continuing to grow. We're a flagship project under OWASP.
[How to install] - How do you compile it?
No compiling is necessary with the docker images.
Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
[How to use] - What are some basic commands/functions to demonstrate it?
Example 1: Say you like using openVAS for scanning infrastructure and ZAP for applications. DefectDojo is an easy way to take the results from both and export one report without having to manually combine.
Example 2: Say you really like Burp Suite for finding some vulnerabilities, but you also like Arachni for others. You can ship the results from both into DefectDojo. Dojo will attempt to remove duplicates/overlap by looking at the endpoint/location and finding details.
[Packaged] - Is the tool already packaged for Debian?
There is not, but we have a maintainer who is familiar with Debian packaging and happy to assist.
@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging
||Thanks for getting back to me @g0tmi1k. Will review the packaging process and discuss with the team. Back with you shortly.|
||We've reviewed and will take a first run at the packaging. Expecting to be able to complete it this week.|
||All, sorry for the delay. We have made bandwith and have started the effort.|
|2020-12-30 03:48||devGregA||New Issue|
|2021-01-08 13:24||g0tmi1k||Summary||Please Consider Adding OWASP DefectDojo => OWASP DefectDojo|
|2021-01-08 13:26||g0tmi1k||Note Added: 0014053|
|2021-01-08 13:26||g0tmi1k||Status||new => acknowledged|
|2021-01-08 13:26||g0tmi1k||Category||New Tool Requests => Queued Tool Addition|
|2021-01-11 22:08||devGregA||Note Added: 0014107|
|2021-01-17 06:31||devGregA||Note Added: 0014117|
|2021-04-12 21:51||devGregA||Note Added: 0014461|