django-DefectDojo v2.11 releases: application vulnerability correlation & security orchestration application
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.
While traceability and metrics are the ultimate end goal, it is a bug tracker at its core. Taking advantage of DefectDojo’s Product:Engagement model enables traceability among multiple projects and test cycles and allows for fine-grained reporting.
How does DefectDojo work?
It is based on a model that allows the ultimate flexibility in your test tracking needs.
- Working in DefectDojo starts with a Product Type.
- Each Product Type can have one or more Products.
- Each Product can have one or more Engagements.
- Each Engagement can have one or more Tests.
- Each Test can have one or more Findings.
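The hierarchy above is what makes findings traceable to a product and a test cycle. The following is an added example, not DefectDojo's own code or data model: an in-memory sketch of the Product Type > Product > Engagement > Test > Finding chain with two reports built on it, a per-product severity roll-up and a "where was this vulnerability id reported" trace. Class and field names (including `vulnerability_id` and `unique_id_from_tool`, named after concepts mentioned in the changelog) and the sample data are constructed here and are not DefectDojo's actual schema.

```python
"""Added example (not DefectDojo's code): a toy model of the
Product Type > Product > Engagement > Test > Finding hierarchy and two
reports that show why the hierarchy gives traceability."""
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Finding:
    title: str
    severity: str                              # Critical/High/Medium/Low/Info
    vulnerability_id: Optional[str] = None     # e.g. a CVE id; constructed values below
    unique_id_from_tool: Optional[str] = None  # scanner-side id, useful for dedup
    active: bool = True


@dataclass
class Test:
    scan_type: str                             # e.g. the parser/tool that produced it
    findings: List[Finding] = field(default_factory=list)


@dataclass
class Engagement:
    name: str                                  # one test cycle, e.g. "Q1 pentest"
    tests: List[Test] = field(default_factory=list)


@dataclass
class Product:
    name: str
    engagements: List[Engagement] = field(default_factory=list)


@dataclass
class ProductType:
    name: str
    products: List[Product] = field(default_factory=list)


def iter_findings(product_type: ProductType):
    """Walk the whole hierarchy, yielding (product, engagement, test, finding)."""
    for product in product_type.products:
        for engagement in product.engagements:
            for test in engagement.tests:
                for finding in test.findings:
                    yield product, engagement, test, finding


def severity_report(product_type: ProductType) -> dict:
    """Per-product counts of *active* findings by severity (closed ones are skipped)."""
    report = {}
    for product, _, _, finding in iter_findings(product_type):
        if not finding.active:
            continue
        report.setdefault(product.name, Counter())[finding.severity] += 1
    return {name: dict(counts) for name, counts in report.items()}


def trace_vulnerability(product_type: ProductType, vulnerability_id: str) -> list:
    """Every (product, engagement, scan type) in which a vulnerability id was reported."""
    return sorted(
        (p.name, e.name, t.scan_type)
        for p, e, t, f in iter_findings(product_type)
        if f.vulnerability_id == vulnerability_id
    )


def build_sample() -> ProductType:
    """Constructed sample data; the ids are placeholders, not real CVEs."""
    shop = Product("Shop", [
        Engagement("Q1 pentest", [
            Test("Acunetix Scan", [
                Finding("Reflected XSS in search", "High"),
                Finding("SQL injection in login", "Critical"),
                Finding("Outdated jQuery", "Medium", vulnerability_id="CVE-EXAMPLE-0001"),
            ]),
            Test("Snyk Scan", [
                Finding("jquery@1.x", "Medium", vulnerability_id="CVE-EXAMPLE-0001",
                        unique_id_from_tool="SNYK-EXAMPLE-1"),
                Finding("lodash@3.x", "Low", unique_id_from_tool="SNYK-EXAMPLE-2",
                        active=False),  # already closed, excluded from the roll-up
            ]),
        ]),
    ])
    blog = Product("Blog", [
        Engagement("CI", [
            Test("Snyk Scan", [
                Finding("jquery@1.x", "High", vulnerability_id="CVE-EXAMPLE-0001"),
            ]),
        ]),
    ])
    return ProductType("Web Apps", [shop, blog])


if __name__ == "__main__":
    pt = build_sample()
    print(severity_report(pt))
    print(trace_vulnerability(pt, "CVE-EXAMPLE-0001"))
```

Because every finding is reachable only through its test, engagement and product, the same walk serves both a coarse report (counts per product) and a precise one (which scan, in which cycle, found a given vulnerability id), which is the traceability the Product:Engagement model is meant to give.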
Changes since 2.10
- Release: Merge release into master from: release/2.11.0 @github-actions (#6383)
- Update bitnami refs in GHA and requirements @Maffooch (#6379)
- Option to extend ingress network policy @dsever (#6370)
- [HELM] Network policies @dsever (#6197)
- Vulnerability Id: More parsers @StefanFl (#6340)
- Acunetix Parser fix – Multiple CWEs on report @TheocharisPetros (#6347)
- Revert “Bump python from 3.8.12-slim-bullseye to 3.10.4-slim-bullseye” @devGregA (#6350)
- Vulnerability Id: Last batch of parsers @StefanFl (#6335)
- Replace user id with full_name @dsever (#6337)
- Remove date feature in Fortify parser @damiencarol (#6278)
- add extraEnv to helm chart @jeffgran (#6288)
- Qualys scan csv @37b (#6282)
- Vulnerability Id: Another batch of parsers @StefanFl (#6305)
- improve testssl and skip findings #6266 @manuel-sommer (#6267)
- Moves Valentijn to Hall of Fame @devGregA (#6275)
- Fix date error for Horusec parser @damiencarol (#6277)
- Fixed INFO rating for neutral/positive Mozilla Observatory findings @0x4d4e (#6233)
- Add unique_id_from_tool for SonarQubeAPI parser @damiencarol (#6235)
- [FIX] Issue 6230 Fix: Snyk parser cannot handle Nonetype CVSSv3 / cvssScore @P440Boyd (#6240)
- Jfrog XRay API parser (summary/artifact) @madeoninfo (#6181)
- Speed-up unittests: skip irrelevant migration tests @kiblik (#6242)
- Release: Merge back 2.10.0 into dev from: master-into-dev/2.10.0-2.11.0-dev @github-actions (#6241)
$ git clone https://github.com/DefectDojo/django-DefectDojo
$ cd django-DefectDojo
$ ./setup.bash
$ ./run_dojo.bash
Then navigate to 127.0.0.1:8000
Copyright (c) 2015, DefectDojo Maintainers, All rights reserved.