Submission declined on 13 February 2026 by CNMall41 (talk). This draft's references do not show that the subject meets Wikipedia's criteria for inclusion. The draft requires multiple published secondary sources that: provide significant coverage: discuss the subject in detail, not just brief mentions or routine announcements; are reliable: from reputable outlets with editorial oversight; are independent: not connected to the subject, such as interviews, press releases, the subject's own website, or sponsored content. Please add references that meet all three of these criteria. If none exist, the subject is not yet suitable for Wikipedia. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by CNMall41 3 months ago. Last edited by CNMall41 3 months ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

The following Wikipedia contributor may be personally or professionally connected to the subject of this page. Relevant policies and guidelines may include conflict of interest, autobiography, and neutral point of view. Greg Anderson (talk · contribs) / DefectDojo DefectDojo

DefectDojo is an open-source application security and vulnerability management platform. Originally created in 2013 at Rackspace by Greg Anderson and Matt Tesauro, the project was publicly released as open-source software in 2015.^{[citation needed]} The platform enables DevSecOps teams to aggregate, deduplicate, and manage security findings from more than 200 security tools, including static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) scanners.^[1] DefectDojo is an OWASP Flagship project.^[1]

DefectDojo Inc., headquartered in Austin, Texas, develops and maintains both the open-source edition and a commercial version called DefectDojo Pro.^[2]

DefectDojo originated in 2013 when Greg Anderson, then an intern working under Matt Tesauro at Rackspace, sought to address the difficulty of consolidating security testing results from multiple tools into a single platform.^[3][4] Anderson developed the initial tool while working on Rackspace's application security team, and the project was released as open-source software in 2015 under the BSD 3-Clause License.^[5]

After leaving Rackspace, Anderson and Tesauro worked together at Pearson, where they used DefectDojo to scale the company's application security program from scanning 44 applications per year to 414, an increase of 849 percent.^[3]

DefectDojo was adopted as a project of the Open Worldwide Application Security Project (OWASP) Foundation and was designated a Flagship project, the highest project tier within the organization.^[1] The project is featured in the OWASP Developer Guide as a recommended tool for vulnerability management.^[6]

Anderson incorporated DefectDojo Inc. (formerly known as 10Security) and launched DefectDojo Pro, a commercial edition offering enterprise scalability, a redesigned user interface, and additional integrations with platforms such as ServiceNow, GitHub, GitLab, and Azure DevOps.^[2]

In September 2024, DefectDojo raised $7 million in a Series A funding round led by Iolar Ventures and Aspenwood Ventures.^[2]

DefectDojo is written in Python using the Django web framework.^[5] The platform uses a relational database (PostgreSQL or MySQL) for data storage and Celery for asynchronous task processing, including automated deduplication and synchronization with issue trackers.^[6][5]

The platform's data model is organized around four core components: products, engagements, tests, and findings.^[6] Security scan results can be imported from more than 200 tools, and the platform applies deduplication algorithms to reduce duplicate findings across different scanners.^[1] DefectDojo provides a REST API for integration with CI/CD pipelines and other automation workflows.^[5]

Key capabilities include:

• Aggregation and deduplication of vulnerability findings from multiple sources
• Risk-based prioritization and triage workflows
• Bi-directional integration with Jira for issue tracking
• Compliance reporting for standards such as PCI DSS
• Endpoint and host management
• Report generation and security program dashboards

The open-source edition, released under the BSD 3-Clause License, provides the core vulnerability management platform including multi-tool aggregation, deduplication, remediation tracking, and API access.^[5][1] It is self-hosted and can be deployed using Docker or Kubernetes.^[5]

DefectDojo Pro is the commercial edition, available as a cloud-hosted software as a service (SaaS) or self-hosted deployment.^[2]

DefectDojo is recognized on the Open Source Security Index as one of the most popular open-source security projects on GitHub.^[1] As of February 2026^[update], the project's GitHub repository has more than 4,500 stars and over 400 contributors.^[5]

• OWASP
• Application security
• DevSecOps
• Vulnerability management
• Static application security testing

• Official website
• DefectDojo on GitHub
• OWASP DefectDojo Project

Category:Computer security software Category:Free security software Category:Free software programmed in Python Category:Software using the BSD license Category:Software companies based in Texas Category:Companies based in Austin, Texas Category:American companies established in 2013 Category:2013 software