“Draft:DefectDojo”的意思、由来-开放百科全书

{{COI|date=August 2018}}{{Infobox software
| name = DefectDojo
| logo = Defectdojologo.png
| logo size =
| caption = "OpenSource Application Security Management"
| screenshot = Engagement-dojo.png
| developer = Greg Anderson, Aaron Weaver
| latest release version = 1.5.1
| latest release date = {{release date and age|2018|06|20|df=yes}}
| latest preview version = 1.5.2
| latest preview date = {{release date and age|2018|08|2|df=yes}}
| operating system = Windows, OS X, Linux
| programming language = Python
| status = Active
| genre = Computer security
| license = BSD
| website = {{URL|http://www.defectdojo.org}}
}}DefectDojo is an open-source vulnerability management tool built specifically for managing application security with integration into CI/CD processes and support for DevSecOps. The project allows users to import vulnerability scans and manage findings from one central source.^[1] The management tools offers a graphical user interface and a Rest API.^[2]

Architecture

DefectDojo consists of scanner importers and the core vulnerability management engine which included finding de-duplication, triage and remediation.^[3] DefectDojo supports over 23+ scanners which consist of both OpenSource and commercial tools^[4].

CI/CD

DefectDojo was featured in the paper Integrating Continuous Security Assessments in Microservicesand Cloud Native Applications^[5] Additionally, DefectDojo is recommended for use in the book, Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps^[6].

History

DefectDojo was started in 2013 at Rackspace. Soon after, Rackspace donated the project to OWASP and since then it has been maintained by the community. In June 2018, DefectDojo announced its partnership with 10Security. With 10Security's sponsorship the project will be able to increase its development speed and keep growing in terms of users and contributors.

See also

References

1. ^{{Cite web|url=https://www.defectdojo.org|title=DefectDojo|website=www.defectdojo.org|language=en|access-date=2018-08-02}}
2. ^[https://defectdojo.readthedocs.io/en/latest/ DefectDojo Documentation]
3. ^[https://www.youtube.com/watch?v=7FX0vZ245-I Making Vulnerability Management Less Painful]
4. ^{{Cite web|url=https://defectdojo.readthedocs.io/en/latest/integrations.html|title=Integrations — DefectDojo 1.3.1 documentation|website=defectdojo.readthedocs.io|language=en|access-date=2018-08-02}}
5. ^{{cite news |last1=Torkura |first1=Kennedy |title=Integrating Continuous Security Assessments in Microservices and Cloud Native Applications |url=https://www.researchgate.net/publication/320596749_Integrating_Continuous_Security_Assessments_in_Microservices_and_Cloud_Native_Applications |accessdate=19 August 2018 |agency=Hasso Plattner Institute |publisher=Research Group Internet Technologies and Systems}}
6. ^{{cite book |last1=Hsu |first1=Tony |title=Hands-On Security in DevOps |publisher=Packt Publishing Ltd |isbn=978-1788992411 |pages=195, 294–295, 245 |url=https://books.google.com/?id=bO1mDwAAQBAJ&pg=PA195&lpg=PA195&dq=%22DefectDojo%22+-wikipedia#v=onepage&q=%22DefectDojo%22%20-wikipedia&f=false|date=2018-07-30 }}

Architecture

CI/CD

History

See also

References

External links