Defect Dojo: Open-Source Vulnerability Management Made Easy

Описание: DefectDojo is an open-source vulnerability management tool designed to help software development teams streamline their security testing efforts. With its intuitive interface and powerful features, DefectDojo makes it easy to create and manage security assessments, track vulnerabilities, and prioritize remediation efforts. In this video, we'll walk you through the key features of DefectDojo and show you how to use them to improve your software security posture. Whether you're a developer, a security professional, or a project manager, DefectDojo can help you identify and address security issues early in the development process, saving you time, money, and headaches down the line.

Commands used :
-----------------------------------------------------------------------------------------------------------
Step 1: Docker installation

sudo apt-get update

sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

curl -fsSL https://download.docker.com/linux/ubu... | sudo apt-key add -

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io

sudo docker run hello-world
----------------------------------------------------------------------------------------------------------------------
Step2: Docker compose

sudo apt install docker-compose
--------------------------------------------------------------------------------------------------------------------
Step3: Defect Dojo install

sudo -s

git clone https://github.com/DefectDojo/django-...

cd django-DefectDojo/

building


./dc-build.sh
running (for other profiles besides mysql-rabbitmq look at https://github.com/DefectDojo/django-...)

./dc-up.sh mysql-rabbitmq
obtain admin credentials. the initializer can take up to 3 minutes to run
Use docker-compose logs -f initializer to track progress


docker-compose logs initializer | grep "Admin password:"

----------------------------------------------------------------------------------------------
In case of password already exists error use the below commands


docker-compose exec uwsgi /bin/bash

python manage.py createsuperuser

Follow the prompts to enter the new user's username, email, and password.

When prompted for whether the new user is a superuser, enter yes.

Exit the uwsgi container shell by typing exit.

-------------------------------------------------------------------------------------------------------------