DefectDojo, Inc.
| Type | Private |
| Industry | Cybersecurity |
| Founded | 2013 |
| Founders | Greg Anderson, Matt Tesauro |
| Headquarters | Austin, Texas, U.S. |
| Key people | Greg Anderson (CEO), Matt Tesauro (CTO) |
| Products | DefectDojo (open source), DefectDojo Pro |
| Website | defectdojo |
DefectDojo is an open-source application security and vulnerability management platform. Originally created in 2013 at Rackspace by Greg Anderson and Matt Tesauro, the project was publicly released as open-source software in 2015. The platform enables DevSecOps teams to aggregate, deduplicate, and manage security findings from more than 200 security tools, including static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) scanners.[1] DefectDojo is an OWASP Flagship project.[1]
DefectDojo Inc., headquartered in Austin, Texas, develops and maintains both the open-source edition and a commercial version called DefectDojo Pro.[2]
History
Origins
DefectDojo originated in 2013 when Greg Anderson, then an intern working under Matt Tesauro at Rackspace, sought to address the difficulty of consolidating security testing results from multiple tools into a single platform.[3][4] Anderson developed the initial tool while working on Rackspace's application security team, and the project was released as open-source software in 2015 under the BSD 3-Clause License.[5]
After leaving Rackspace, Anderson and Tesauro worked together at Pearson, where they used DefectDojo to scale the company's application security program from scanning 44 applications per year to 414, an increase of 849 percent.[3]
OWASP Flagship status
DefectDojo was adopted as a project of the Open Worldwide Application Security Project (OWASP) Foundation and was designated a Flagship project, the highest project tier within the organization.[1] The project is featured in the OWASP Developer Guide as a recommended tool for vulnerability management.[6]
Incorporation and commercial product
Anderson incorporated DefectDojo Inc. (formerly known as 10Security) and launched DefectDojo Pro, a commercial edition offering enterprise scalability, a redesigned user interface, and additional integrations with platforms such as ServiceNow, GitHub, GitLab, and Azure DevOps.[2]
Funding
In September 2024, DefectDojo raised $7 million in a Series A funding round led by Iolar Ventures and Aspenwood Ventures.[2]
Technology
DefectDojo is written in Python using the Django web framework.[5] The platform uses a relational database (PostgreSQL or MySQL) for data storage and Celery for asynchronous task processing, including automated deduplication and synchronization with issue trackers.[6][5]
The platform's data model is organized around four core components: products, engagements, tests, and findings.[6] Security scan results can be imported from more than 200 tools, and the platform applies deduplication algorithms to reduce duplicate findings across different scanners.[1] DefectDojo provides a REST API for integration with CI/CD pipelines and other automation workflows.[5]
Key capabilities include:
- Aggregation and deduplication of vulnerability findings from multiple sources
- Risk-based prioritization and triage workflows
- Bi-directional integration with Jira for issue tracking
- Compliance reporting for standards such as PCI DSS
- Endpoint and host management
- Report generation and security program dashboards
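The product, engagement, test and finding hierarchy and the cross-scanner deduplication described in this section can be illustrated in Python, the language DefectDojo is written in. This is an added example, not DefectDojo's code or its actual deduplication algorithm; the class names, the fingerprint fields (normalized title, CWE, location) and the sample findings are assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass, field
@dataclass
class Finding:
    title: str
    cwe: int
    location: str                        # "file:line" as reported by the scanner
    duplicate_of: "Finding | None" = None

    def fingerprint(self) -> str:        # assumed key; the scanner name is left out on purpose
        key = f"{self.title.strip().lower()}|{self.cwe}|{self.location}"
        return hashlib.sha256(key.encode()).hexdigest()

@dataclass
class ScanTest:                          # a "test": one scanner run
    scanner: str
    findings: list = field(default_factory=list)

@dataclass
class Engagement:
    name: str
    tests: list = field(default_factory=list)

@dataclass
class Product:
    name: str
    engagements: dict = field(default_factory=dict)   # name -> Engagement
    seen: dict = field(default_factory=dict)          # fingerprint -> first Finding

    def import_scan(self, engagement, scanner, raw_findings):
        test = ScanTest(scanner)
        self.engagements.setdefault(engagement, Engagement(engagement)).tests.append(test)
        for raw in raw_findings:
            f = Finding(**raw)
            first = self.seen.setdefault(f.fingerprint(), f)
            f.duplicate_of = None if first is f else first   # later copies point at the original
            test.findings.append(f)

    def active(self):
        return [f for e in self.engagements.values() for t in e.tests
                for f in t.findings if f.duplicate_of is None]

def demo():   # constructed sample data: scanner-b repeats one flaw and reports a new location
    sqli = dict(title="SQL Injection", cwe=89, location="app/views.py:42")
    product = Product("webshop")
    product.import_scan("release CI scan", "scanner-a", [sqli])
    dup, moved = dict(sqli, title=" sql injection "), dict(sqli, location="app/views.py:97")
    product.import_scan("release CI scan", "scanner-b", [dup, moved])
    return product
```

Duplicates stay attached to the test that reported them, so the record of which scanner saw what is preserved while only the first report counts as active.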
Products
OWASP Edition (open source)
The open-source edition, released under the BSD 3-Clause License, provides the core vulnerability management platform including multi-tool aggregation, deduplication, remediation tracking, and API access.[5][1] It is self-hosted and can be deployed using Docker or Kubernetes.[5]
DefectDojo Pro
DefectDojo Pro is the commercial edition, available as a cloud-hosted software as a service (SaaS) or self-hosted deployment.[2]
Reception
DefectDojo is recognized on the Open Source Security Index as one of the most popular open-source security projects on GitHub.[1] As of February 2026, the project's GitHub repository has more than 4,500 stars and over 400 contributors.[5]
References
- [1] "OWASP DefectDojo". OWASP Foundation. Retrieved 2026-02-11.
- [2] Kovacs, Eduard (2024-09-25). "DefectDojo Raises $7 Million for Application Security Platform". SecurityWeek. Retrieved 2026-02-11.
- [3] "Interview With Greg Anderson – CEO and Co-Founder of DefectDojo". Safety Detectives. Retrieved 2026-02-11.
- [4] "DefectDojo: Interview With Founder & CEO Greg Anderson About The DevSecOps And Vulnerability Management Company". Pulse 2.0. Retrieved 2026-02-11.
- [5] "DefectDojo/django-DefectDojo". GitHub. Retrieved 2026-02-11.
- [6] "DefectDojo – OWASP Developer Guide". OWASP Foundation. Retrieved 2026-02-11.
This article "DefectDojo" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:DefectDojo. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
