django-DefectDojo: application vulnerability correlation & security orchestration application
DefectDojo
DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools, including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can be used for traditional pen test management.
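The duplicate distillation and false-positive memory described above, as an added illustration that is not DefectDojo's own code: findings from repeated scan imports are keyed by a stable hash of their normalised identity (the hash fields, the Finding shape and the sample findings are assumptions chosen for this example), so a rescanned finding is flagged as a duplicate and a finding once marked false positive stays so on the next import.

```python
# Added example, not DefectDojo's own implementation: a minimal model of how a
# findings aggregator can distill duplicates and remember false positives across
# repeated scan imports. Hash fields and Finding shape are simplifications.
import hashlib
from dataclasses import dataclass


@dataclass
class Finding:
    title: str
    cwe: int
    file_path: str
    line: int
    severity: str
    false_p: bool = False
    duplicate: bool = False


def dedup_hash(f: Finding) -> str:
    """Stable identity: normalised title, CWE and code location.
    Severity is deliberately excluded so a rescored finding still matches."""
    key = "|".join([f.title.strip().lower(), str(f.cwe), f.file_path, str(f.line)])
    return hashlib.sha256(key.encode()).hexdigest()


class FindingStore:
    """Keeps the first occurrence of each finding and the set of hashes a
    reviewer has marked as false positives."""

    def __init__(self) -> None:
        self.by_hash: dict = {}
        self.false_positive_hashes: set = set()

    def mark_false_positive(self, f: Finding) -> None:
        f.false_p = True
        self.false_positive_hashes.add(dedup_hash(f))

    def import_scan(self, findings: list) -> dict:
        """Classify each imported finding; returns counts per outcome."""
        stats = {"new": 0, "duplicate": 0, "false_positive": 0}
        for f in findings:
            h = dedup_hash(f)
            if h in self.false_positive_hashes:      # remembered decision wins
                f.false_p = True
                stats["false_positive"] += 1
            elif h in self.by_hash:                   # seen in an earlier import
                f.duplicate = True
                stats["duplicate"] += 1
            else:
                self.by_hash[h] = f
                stats["new"] += 1
        return stats
```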
What does DefectDojo do?
While automation and efficiency are the ultimate end goals, DefectDojo is at its core a bug tracker for vulnerabilities. Taking advantage of DefectDojo’s Product:Engagement model enables traceability among multiple projects / test cycles and allows for fine-grained reporting.
Architecture
NGINX
The webserver NGINX delivers all static content, e.g. images, JavaScript files or CSS files.
uWSGI
uWSGI is the application server that runs the DefectDojo platform, written in Python/Django, to serve all dynamic content.
Message Broker
The application server sends tasks to a Message Broker for asynchronous execution.
Celery Worker
Tasks like deduplication or the JIRA synchronization are performed asynchronously in the background by the Celery Worker.
Celery Beat
In order to identify and notify users about things like upcoming engagements, DefectDojo runs scheduled tasks. These tasks are scheduled and run using Celery Beat.
Initializer
The Initializer sets up / maintains the database and syncs / runs migrations after version upgrades. It shuts itself down after all tasks are performed.
Database
The Database stores all the application data of DefectDojo. Currently only PostgreSQL is supported.