
Managed Vulnerability Management

Managed DefectDojo Hosting

Application security and vulnerability management

License: BSD-3-Clause | GitHub: 3.8K stars | Infra: 2–4 GB RAM, 2 vCPU, 20 GB storage

What is DefectDojo?

DefectDojo is an open-source application vulnerability management platform. It streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools for security teams.

Use cases

  • DevSecOps teams consolidating scan results
  • Organizations needing vulnerability lifecycle management
  • Compliance teams tracking remediation SLAs
  • Security teams integrating scanning into CI/CD

Features

  • Centralized vulnerability tracking
  • 130+ scanner integrations (OWASP ZAP, Trivy, etc.)
  • CI/CD pipeline integration
  • Risk-based prioritization
  • Customizable reports and metrics
  • JIRA and Slack integration
  • REST API for automation
  • Compliance tracking and SLA management

Simple, transparent pricing

Same software, fraction of the cost.

Starter

Up to 5 products

From $20/mo
  • DefectDojo Platform
  • Up to 5 tracked products
  • Scanner integrations
  • Basic dashboards and reports
  • Daily backups
  • Email support

Most popular

Business

Up to 25 products

From $40/mo
  • Everything in Starter
  • Up to 25 products
  • JIRA integration
  • CI/CD pipeline webhooks
  • Custom reports
  • Priority support

Enterprise

Unlimited products

From $60/mo
  • Everything in Business
  • Unlimited products
  • SSO / LDAP
  • Custom integrations
  • Multi-tenancy
  • SLA-backed uptime

Every plan includes

Managed hosting

Dedicated bare-metal servers

Automated backups

Daily backups with 30-day retention

SSL included

Automatic HTTPS with Let's Encrypt

Monitoring

24/7 uptime monitoring and alerting

Compliance-ready hosting

Every managed deployment runs on EU infrastructure. Data Processing Agreement available on request. All services covered under a single DPA.


Frequently asked questions

Which SAST and DAST scanner outputs can DefectDojo import?

DefectDojo supports 130+ importers including OWASP ZAP, Trivy, Semgrep, Bandit, Checkmarx, Burp Suite, and more. Each importer maps findings to a unified format so you can compare results across tools in one view.

How does DefectDojo integrate with JIRA for remediation tracking?

On the Business plan, DefectDojo can automatically create JIRA issues from new findings and sync status back when issues are resolved. You configure the project key and severity threshold in the integration settings.

How many products can I track on each plan?

Starter covers up to 5 products, Business up to 25, and Enterprise is unlimited with multi-tenancy and SSO/LDAP. Each product in DefectDojo maps to one application or service in your portfolio.

Can DefectDojo receive findings from Dependency-Track?

Yes. Dependency-Track can push component vulnerability findings to DefectDojo via its REST API, giving your security team a single pane of glass for both SAST/DAST and supply chain findings.

Ready to get started with DefectDojo?

Your instance is provisioned in minutes. No credit card required for a consultation.

Contact us