Things to know:
- we use the directory you're working in (which should get this one on your machine) to mount and create most of the data we need
- edit .env_dojo and .env_mysql to fit your needs, DONT CHECK THEM IN WITH YOUR EDITS
- note: yeah I know I should fix this
- most important setting...FLUSHDB in .env_dojo you probably only want this set to y once and on subsequent docker-compose up's, set it to "n"
- lots of clean up work needs to transpire, to get this to 100% awesome I'd need to work with upstream which could take looots of time and arguing
- I used jinja2 instead of sed inasnity to template out settings.py, yes I know django has a template engine, but this was just faster and cleaner
Questions:
- why did you do this?
- needed to make this run in "prod" for someone, the repo makes it kinda hard to do that with docker
- wouldn't you like to be a pepper to?
- sometimes
- can/will you make this more better? Depends on if there's a lot of demand for it, the orginal intent here was to get something running then revist this once we're confident this thing fits the bill.
DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.
$ git clone https://github.com/DefectDojo/django-DefectDojo
$ cd django-DefectDojo
$ ./setup.bash
$ ./run_dojo.bashnavigate to 127.0.0.1:8000
If you'd like to check out a demo of DefectDojo before installing it, you can check out our PythonAnywhere demo site.
You can log in as an administrator like so:
You can also log in as a product owner / non-staff user:
For additional documentation you can visit our Read the Docs site.
We recommend checking out the about document to learn the terminology of DefectDojo, and the getting started guide for setting up a new installation. We've also created some example workflows that should give you an idea of how to use DefectDojo for your own team.
- DefectDojo Python API:
pip install defectdojo_apior clone the repository.
Get Access. Realtime discussion is done in the OWASP Slack Channel, #defectdojo.
DefectDojo Twitter Account tweets project updates and changes.
Engagement Surveys - A plugin that adds answerable surveys to engagements.
DefectDojo is maintained by:
- Greg Anderson
- Charles Neill (@ccneill)
- Jay Paz (@jjpaz)
- Aaron Weaver (@weavera)
- Matt Tesauro (@matt_tesauro)
We greatly appreciate all of our contributors.
We would also like to highlight the contributions from Michael Dong and Fatimah Zohra who contributed to DefectDojo before it was open source.
If you fix an issue with the swag reward tag, we'll send you a shirt and some stickers!
Proceeds are used for testing, infrastructure, etc.
Interested in becoming a sponsor and having your logo displayed? Please email [email protected]
DefectDojo is licensed under the BSD Simplified license