Welcome to Our Open-Source Community!

38M+ Downloads. 4K+ GitHub Stars. 200+ Integrations.

Join our worldwide network of security enthusiasts and professionals to build the best-in-class tools needed for vulnerability management and cybersecurity.

Getting started with Open Source DefectDojo

Go to GitHub

Download Dojo

Read the Docs

Go to Docs

Join the Dojo Slack Channel

Enter the Conversation

Frequently asked questions

Where can I find installation instructions?

Full installation instructions can be found in the DefectDojo Docs.

Additional Installers: DojoPro

For our commercial customers, we provide implementation support, best practices, and bug fixes.

Learn more

How do I integrate with Jira?

Connecting a Jira Instance is the first step to take when setting up DefectDojo’s Jira integration.

Required information from Jira

You will need:

a Jira URL
an account with permissions to create and update issues in your Jira instance. This can be:
- A standard username / password combination
- A username / API Key combination (Jira Cloud)
- A Personal Access Token (aka PAT, used in Jira Data Center and Jira Server only)

Optionally, you can map:

Jira Transitions to trigger Re-Opening and Closing Findings
Jira Resolutions which can apply Risk Acceptance and False Positive statuses to Findings (optional)

Multiple Jira Projects can be handled by a single Jira Instance connection, as long as the Jira account / token used by DefectDojo has permission to create Issues in the associated Jira Project.

To get started, visit the Dojo documentation site

How do I implement SSO?

Users can connect to DefectDojo with a Username and Password, but if you prefer, you can allow users to authenticate using a Single Sign-On or SSO method. You can set up DefectDojo to work with your own SAML Identity Provider, but we also support many OAuth methods for authentication:

To learn more, visit the Docs.

How do I use the API?

DefectDojo's API is created using Django Rest Framework. The documentation of each endpoint is available within each DefectDojo installation at `/api/v2/oa3/swagger-ui` and can be accessed by choosing the API v2 Docs link on the user drop down menu in the header. For more information, visit the Docs,

Stay Connected with Our Newsletter

Resources

Sharpen your Dojo skills, keep up with industry trends, and earn rewards.

Need additional support?

Upgrade to DefectDojo Pro

Learn more

DefectDojo Blog: News and Dojo Tips

Video: Intro to Dojo

YouTube: How-Tos and Demos

Welcome to Our Open-Source Community!

38M+ Downloads. 4K+ GitHub Stars. 200+ Integrations.

Join our worldwide network of security enthusiasts and professionals to build the best-in-class tools needed for vulnerability management and cybersecurity.

Getting started with Open Source DefectDojo

Go to GitHub

Read the Docs

Join the Dojo Slack Channel

Frequently asked questions

Where can I find installation instructions?

Full installation instructions can be found in the DefectDojo Docs.

Additional Installers: DojoPro

For our commercial customers, we provide implementation support, best practices, and bug fixes.

How do I integrate with Jira?

Connecting a Jira Instance is the first step to take when setting up DefectDojo’s Jira integration.

Required information from Jira

You will need:

a Jira URL

an account with permissions to create and update issues in your Jira instance. This can be:

A standard username / password combination

A username / API Key combination (Jira Cloud)

A Personal Access Token (aka PAT, used in Jira Data Center and Jira Server only)

Optionally, you can map:

Jira Transitions to trigger Re-Opening and Closing Findings

Jira Resolutions which can apply Risk Acceptance and False Positive statuses to Findings (optional)

Multiple Jira Projects can be handled by a single Jira Instance connection, as long as the Jira account / token used by DefectDojo has permission to create Issues in the associated Jira Project.To get started, visit the Dojo documentation site

How do I implement SSO?

Users can connect to DefectDojo with a Username and Password, but if you prefer, you can allow users to authenticate using a Single Sign-On or SSO method. You can set up DefectDojo to work with your own SAML Identity Provider, but we also support many OAuth methods for authentication:

To learn more, visit the Docs.

How do I use the API?

DefectDojo's API is created using Django Rest Framework. The documentation of each endpoint is available within each DefectDojo installation at /api/v2/oa3/swagger-ui and can be accessed by choosing the API v2 Docs link on the user drop down menu in the header. For more information, visit the Docs,

Stay Connected with Our Newsletter

Resources

Sharpen your Dojo skills, keep up with industry trends, and earn rewards.

Need additional support?

Upgrade to DefectDojo Pro

DefectDojo Blog: News and Dojo Tips

Video: Intro to Dojo

YouTube: How-Tos and Demos

Dojo Rewards: Community Cred and Custom Merch

Multiple Jira Projects can be handled by a single Jira Instance connection, as long as the Jira account / token used by DefectDojo has permission to create Issues in the associated Jira Project.

To get started, visit the Dojo documentation site