DefectDojo

Company health

Employee growth: 35% increase in the last year
Web traffic: 16% decrease in the last quarter

Ratings

G2: 4.7/5 (11 reviews)

DefectDojo description

DefectDojo is a tool that helps you manage your company's software security. It works by collecting information from your security testing tools, removing duplicate findings, and presenting a clear report of any weaknesses found. This helps your teams find and fix security issues in your software more efficiently. DefectDojo is open-source and integrates with many other popular security tools.


Who is DefectDojo best for

DefectDojo is an open-source software security solution designed to centralize and streamline vulnerability management. It helps software security professionals and developers collect, deduplicate, and report on security vulnerabilities, enabling efficient remediation. A 4.7/5 rating from 11 G2 reviews suggests strong user satisfaction.

  • Best for small to mid-sized companies seeking enhanced software security.

  • Ideal for DevSecOps practices in any industry.


DefectDojo features

  • Supported: DefectDojo provides reports on vulnerabilities, including severity and remediation advice.

  • Supported: DefectDojo supports vulnerability risk assessment, scoring, and reporting.


DefectDojo pricing

The commentary is based on 4 reviews from DefectDojo G2 reviews.

DefectDojo is a free and open-source vulnerability management tool. While some features are moving to a paid version, the core offering remains free. This makes it a cost-effective solution for vulnerability management and a popular choice for security teams.

See the DefectDojo pricing page.


DefectDojo alternatives

  • Snyk
    Better fit for larger organizations and those focused on cloud-native applications and open-source security. It has broader industry applicability and more momentum. Users praise its ease of use, comprehensive scanning, and actionable insights. However, some users mention slow support and occasional inaccuracies in vulnerability reports. It has a free tier and paid plans starting at $25.
  • HCL AppScan
    Better fit for enterprise companies. Has more momentum and offers web application scanning, API scanning, and license information features. Provides comprehensive security testing, is easy to use, and has excellent customer support. However, it is expensive, has a steep learning curve, and long scan times. A DefectDojo alternative and competitor.
  • Tenable One
    Better for enterprise companies. Provides a unified platform and offers more comprehensive vulnerability scanning. Has broader security coverage including infrastructure, network, and web application scanning. Negative pricing sentiment.
  • Jit
    Better fit for developers actively coding. Has more momentum and positive reviews from users citing ease of use and integration. A strong DefectDojo competitor and alternative.
  • GFI LanGuard
    Better for patch management and network security. Focuses on vulnerability scanning, patching, and network security, making it a better fit for IT operations teams. Has broader appeal and growing faster. Caters to SMBs.
  • Dynatrace
    Better for enterprise application performance monitoring. More suitable for IT professionals in various-sized organizations needing application performance insights. Has broader industry applicability. A Dynatrace alternative.

DefectDojo FAQ

  • What is DefectDojo and what does DefectDojo do?

    DefectDojo is an open-source application vulnerability correlation and security orchestration tool. It consolidates vulnerability findings from various sources, eliminates duplicates, and provides actionable reports to facilitate efficient vulnerability management and remediation. This streamlines the security workflow for developers and security professionals.

  • How does DefectDojo integrate with other tools?

    DefectDojo integrates with various security testing tools to consolidate vulnerability findings. It supports importing data from scanners, bug trackers, and other sources, streamlining vulnerability management and remediation efforts.

  • What are the main competitors of DefectDojo?

    Top alternatives to DefectDojo include Snyk, HCL AppScan, Tenable.io, Jit, and GFI LanGuard. These competitors offer similar vulnerability management and security testing features, catering to various needs and budgets.

  • Is DefectDojo legit?

    Yes, DefectDojo is a legitimate open-source software security platform. It helps manage application security vulnerabilities by centralizing findings from various tools and prioritizing remediation efforts. DefectDojo is well-regarded, especially by smaller to mid-sized companies using DevSecOps practices.

  • How much does DefectDojo cost?

    DefectDojo is an open-source product and is free to use. There is no pricing information available for any potential enterprise or support plans.

  • Is DefectDojo customer service good?

    Customer reviews indicate that DefectDojo's customer support is a significant drawback. Users report slow response times and unresolved issues, potentially due to its open-source nature. Despite this, the platform is praised for its straightforward interface and vulnerability management capabilities.


Reviewed by

Michal Kaczor
CEO at Gralio

Michal has worked at startups for many years and writes about topics relating to software selection and IT management. As a former consultant for Bain, a business advisory company, he also knows how to understand the needs of any business and find solutions to its problems.

Tymon Terlikiewicz
CTO at Gralio

Tymon is a seasoned CTO who loves finding the perfect tools for any task. He recently headed up the tech department at Batmaid, a well-known Swiss company, where he managed about 60 software purchases, including CX, HR, Payroll, Marketing automation and various developer tools.