Overview
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Product Details
What is DefectDojo?
DefectDojo Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Web-Based |
Community Insights
Business Problems Solved
DefectDojo has proven to be a valuable tool for users in various use cases. Users have been able to log vulnerabilities manually or automate the process, saving significant time and effort. The integration capabilities of DefectDojo with popular communication tools such as Jira and Slack have been well received by the VAPT team, enabling seamless collaboration and timely resolution of vulnerabilities.
One key feature that sets DefectDojo apart is its ability to de-duplicate vulnerabilities, providing a single console for tracking and managing vulnerabilities, eliminating confusion and ensuring efficient remediation efforts. With DefectDojo's vulnerability templating system, vulnerability scanner imports, report production, and metrics, security experts have been able to streamline their workflow and tackle vulnerability management more effectively.
In some cases, users have even integrated DefectDojo with other tools like Caldera for vulnerability assessment. This integration allows reports generated by Caldera to be seamlessly pushed to DefectDojo, further enhancing the vulnerability management process. Additionally, DefectDojo has been used to scan internal servers for vulnerability management purposes, with the results easily imported into other tools, demonstrating its versatility in accommodating diverse user needs and workflows. Overall, DefectDojo has proved instrumental in facilitating vulnerability management tasks with proper SLA adherence and stakeholder scanning.
Pros
Free and Open-Source: Several users have praised DefectDojo for being free to use and open-source, making it accessible to a wide range of users. This has been particularly appreciated by those looking for a cost-effective solution or who value the transparency and flexibility that comes with an open-source tool.
Robust APIs and Integration Capabilities: The robust APIs of DefectDojo have been highly regarded by reviewers as they make the tool easy to use and integrate with other tools. The availability of API specifications in OpenAPI format further facilitates the integration process, allowing seamless communication between different systems.
Clean Interface and User-Friendly Management Features: Many users have commended DefectDojo's clean interface for its ease of use in managing and reporting vulnerabilities. The intuitive design allows for efficient navigation and task completion, making it a preferred choice among users regardless of their level of experience in vulnerability management.
Cons
Long Bug Fix Times: Some users have reported that it has taken a significant amount of time to get bugs fixed in DefectDojo since it is an open-source tool. While most bugs are addressed promptly, some fixes can take up to a month.
Deployment Issues: Users have occasionally encountered problems during deployment, including dependency errors during the initial installation of DefectDojo.
Limited Tool Integration: Several users have mentioned that there are very few tools supported with direct console integration in DefectDojo, which means they have to manually import scan files. This lack of automatic import and direct tool integration can be inconvenient for users.