django-DefectDojo v2.30 releases: application vulnerability correlation & security orchestration application

DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.

While traceability and metrics are the ultimate end goal, it is a bug tracker at its core. Taking advantage of DefectDojo’s Product:Engagement model enables traceability among multiple projects and test cycles and allows for fine-grained reporting.

How does DefectDojo work?

It is based on a model that allows the ultimate flexibility in your test tracking needs.

• Working in DefectDojo starts with a Product Type.
• Each Product Type can have one or more Products.
• Each Product can have one or more Engagements.
• Each Engagement can have one more Tests.
• Each Test can have one or more Findings.

Changelog v2.30

Changes since 2.29

• Trivy: Improve package path parsing behavior @manuel-sommer (#9235)
• Drop DEV branch from release-drafter @kiblik (#9230)
• 🐛 fix error 500 for ssh-audit @manuel-sommer (#9228)
• fix typos in importing documentation @manuel-sommer (#9093)
• Trivy: Add k8 cluster resource objects @manuel-sommer (#9215)
• Use port names in Helm chart @sebastien-prudhomme (#9190)
• Fix DeprecationWarnings @kiblik (#9113)
• 🐛 fix issue #9201 @manuel-sommer (#9202)
• 🐛 fix mobsf parser #9132 @manuel-sommer (#9139)
• add component to blackduckimporter #9145 @manuel-sommer (#9148)
• 🐛 Handle when Burp Rest API Json file contains binary @manuel-sommer (#9131)
• 🐛 fix trivy parser cvss score severity discrepance #9092 @manuel-sommer (#9114)
• Django Admin pages for editing Notifications @tomaszn (#9193)
• 🎉 added component_name to AWSSecurityHub @manuel-sommer (#9161)
• Revert “Fix for vulns not included in host/endpoint views after reopening” @Maffooch (#9181)
• Docs: “Create upgrade notes to documentation” only once @kiblik (#9146)
• Add OpenAPI Specification to Release Assets @kiblik (#9054)
• Fix for vulns not included in host/endpoint views after reopening @WojTecH94 (#9077)
• Clean dojo.settings imports @kiblik (#9031)
• Debug: Avoid useless error in logs @kiblik (#9058)
• [ENHANCEMENT] Allow filtering Products and Engagements on unset properties @tomaszn (#9079)
• Store CVSS score and vector in Whitesource imports @twwd (#9019)
• [ED-308] Modify api_client to import all vulnerabilities when no asset IDs given and update documentation. @Dylan-OB (#8859)
• add unittest for .read() and utf-8 #9024 @manuel-sommer (#9026)
• Update helper.py to fix #8785 @devsecopsale (#8786)
• README typo @kiblik (#9091)
• Shellcheck workflow @cneill (#9119)
• Updated actions/labeler version, labeler.yml format @cneill (#9126)
• Revert Docker Compose version guidance @cneill (#9125)
• Correct SLA filter for Finding API @Maffooch (#9101)

Install

$ git clone https://github.com/DefectDojo/django-DefectDojo
$ cd django-DefectDojo
$ ./setup.bash
$ ./run_dojo.bash

navigate to 127.0.0.1:8000

Tutorial

Copyright (c) 2015, DefectDojo Maintainers, All rights reserved.