Django DefectDojo : Open-Source Application Vulnerability Correlation & Security Orchestration Tool

DefectDojo is a security program and vulnerability management tool. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with the tool.


Try out it in our testing environment with the following credentials.

  • admin / defectdojo@demo#appsec
  • product_manager / defectdojo@demo#product

Also Read – CHAOS : PoC that Allow Generate Payloads & Control Remote OS

Quick Start

git clone
cd django-DefectDojo
docker-compose up

Navigate to http://localhost:8080.


For detailed documentation you can visit Read the Docs.

Installation Options

Getting Started

We recommend checking out the about document to learn the terminology of the tool and the getting started guide for setting up a new installation.

We’ve also created some example workflows that should give you an idea of how to use it for your own team.

Client APIs

  • Install the DefectDojo Python API via pip install defectdojo_api or clone the repository.
  • Browse the API on SwaggerHub.

Available Plugins