Managed Vulnerability Management
Managed DefectDojo Hosting
Application security and vulnerability management
What is DefectDojo?
DefectDojo is an open-source application vulnerability management platform. It streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools for security teams.
Use cases
- DevSecOps teams consolidating scan results
- Organizations needing vulnerability lifecycle management
- Compliance teams tracking remediation SLAs
- Security teams integrating scanning into CI/CD
Features
- Centralized vulnerability tracking
- 130+ scanner integrations (OWASP ZAP, Trivy, etc.)
- CI/CD pipeline integration
- Risk-based prioritization
- Customizable reports and metrics
- JIRA and Slack integration
- REST API for automation
- Compliance tracking and SLA management
Simple, transparent pricing
Same software, fraction of the cost.
Starter
Up to 5 products
- DefectDojo Platform
- Up to 5 tracked products
- Scanner integrations
- Basic dashboards and reports
- Daily backups
- Email support
Most popular
Business
Up to 25 products
- Everything in Starter
- Up to 25 products
- JIRA integration
- CI/CD pipeline webhooks
- Custom reports
- Priority support
Enterprise
Unlimited products
- Everything in Business
- Unlimited products
- SSO / LDAP
- Custom integrations
- Multi-tenancy
- SLA-backed uptime
Every plan includes
Managed hosting
Dedicated bare-metal servers
Automated backups
Daily backups with 30-day retention
SSL included
Automatic HTTPS with Let's Encrypt
Monitoring
24/7 uptime monitoring and alerting
Compliance-ready hosting
Every managed deployment runs on EU infrastructure. Data Processing Agreement available on request. All services covered under a single DPA.
Frequently asked questions
Which SAST and DAST scanner outputs can DefectDojo import?
DefectDojo supports 130+ importers including OWASP ZAP, Trivy, Semgrep, Bandit, Checkmarx, Burp Suite, and more. Each importer maps findings to a unified format so you compare results across tools in one view.
How does DefectDojo integrate with JIRA for remediation tracking?
On the Business plan, DefectDojo can automatically create JIRA issues from new findings and sync status back when issues are resolved. You configure the project key and severity threshold in the integration settings.
How many products can I track on each plan?
Starter covers up to 5 products, Business up to 25, and Enterprise is unlimited with multi-tenancy and SSO/LDAP. Each product in DefectDojo maps to one application or service in your portfolio.
Can DefectDojo receive findings from Dependency-Track?
Yes. Dependency-Track can push component vulnerability findings to DefectDojo via its REST API, giving your security team a single pane of glass for both SAST/DAST and supply chain findings.
Ready to get started with DefectDojo?
Your instance is provisioned in minutes. No credit card required for a consultation.
Contact us