No more typing reviews! Try our Samantha, our new voice AI agent.
DefectDojo Logo

DefectDojo Reviews

Vendor: DefectDojo
4.0 out of 5
Leave a review

What is DefectDojo?

DefectDojo is an open-source application vulnerability management tool designed for organizations aiming to enhance their security posture with a streamlined workflow for managing security findings.

Get the Vulnerability Management Buyer's Guide and find out what your peers are saying about DefectDojo, Wiz, Snyk and more!
DefectDojo is the #12 ranked solution in top DevSecOps solutions and #43 ranked solution in top Vulnerability Management solutions. PeerSpot users give DefectDojo an average rating of 8.0 out of 10. DefectDojo is most commonly compared to Wiz: DefectDojo vs Wiz. DefectDojo is popular among the large enterprise segment, accounting for 52% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 13% of all views.
Buyer's Guide
Vulnerability Management
June 2026
Get the category report
Helped 900,644 peers since 2012

DefectDojo mindshare

Product category:
Vulnerability Management
As of June 2026, the mindshare of DefectDojo in the Vulnerability Management category stands at 0.8%, up from 0.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
DefectDojo0.8%
Wiz4.5%
Qualys VMDR3.9%
Other90.8%
Vulnerability Management
 
 
Key learnings from peers

Valuable Features

  • "With the pipeline of detection and DefectDojo, we are able to see the real vulnerabilities, and we fix them."

Room for Improvement

  • "We need something to notify the team responsible for a product when vulnerabilities are found."
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Vulnerability Management Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews
Comms Service Provider
13%
Financial Services Firm
11%
Construction Company
9%
Computer Software Company
9%
Manufacturing Company
7%
Retailer
7%
Government
7%
Outsourcing Company
6%
Insurance Company
4%
University
4%
Healthcare Company
4%
Transportation Company
2%
Media Company
2%
Real Estate/Law Firm
2%
Performing Arts
2%
Training & Coaching Company
1%
Wholesaler/Distributor
1%
Educational Organization
1%
Pharma/Biotech Company
1%
Recreational Facilities/Services Company
1%
Religious Institution
1%
Engineering Company
1%
Energy/Utilities Company
1%
Marketing Services Firm
1%
Leisure / Travel Company
1%
Hospitality Company
1%
Wellness & Fitness Company
1%
Logistics Company
1%

Compare DefectDojo with alternative products

Go!

Learn more about DefectDojo

DefectDojo supports security teams by facilitating the tracking, managing, and mitigation of vulnerabilities. It centralizes security findings, integrates with different tools, and automates security metrics reporting. Its automation capabilities reduce manual effort, making it indispensable for teams handling large volumes of vulnerabilities. While highly functional, some user feedback suggests there’s room for improvement in documentation and user interface.

What are DefectDojo's most important features?
  • Integration Capability: Seamlessly integrates with numerous security assessment tools to consolidate security findings.
  • Automation: Automates repetitive tasks like report generation and metrics calculation to save time.
  • Scalability: Handles large datasets efficiently, suitable for complex IT environments.
  • Customizable: Offers customization options for workflows and settings to match specific requirements.
What benefits or ROI should users look for in reviews?
  • Improved Efficiency: Streamlined processes enhance team productivity and speed up vulnerability management.
  • Enhanced Security: Comprehensive tracking and reporting improve the security posture of organizations.
  • Cost-Effective: Open-source nature minimizes costs compared to proprietary solutions.
  • Time-Saving: Reduces manual input with automated features, allowing teams to focus on high-priority tasks.

DefectDojo is commonly adopted in industries prioritizing cybersecurity, such as finance, healthcare, and technology, where it is utilized to manage ongoing security assessments and track external threats. Its ability to integrate with specialized tools makes it suitable for environments requiring robust security measures.

Related questions

  • 242
How inadvisable is it to use a single vulnerability analysis tool?
  • 190
What are the benefits of continuous scanning for vulnerability management?
  • 200
When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
  • 193
What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
  • 387
What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
  • 267
Which is the best vulnerability scanner tool?
  • 247
What are your recommended automated penetration testing tools?
  • 261
How do you use the MITRE ATT&CK framework for improving enterprise security?
  • 181
Can you recommend API for Tenable Connector into ServiceNow
  • 171
What penetration testing tool (or tools) do you recommend for SMB/SME?

Product Categories

Product Categories
Vulnerability Management
DevSecOps

Popular Comparisons

Popular Comparisons
Wiz vs DefectDojo Logo
Wiz vs DefectDojo
Snyk vs DefectDojo Logo
Snyk vs DefectDojo
Microsoft Defender for Cloud vs DefectDojo Logo
Microsoft Defender for Cloud vs DefectDojo
GitLab vs DefectDojo Logo
GitLab vs DefectDojo
Qualys VMDR vs DefectDojo Logo
Qualys VMDR vs DefectDojo
Tenable Nessus vs DefectDojo Logo
Tenable Nessus vs DefectDojo
JFrog Xray vs DefectDojo Logo
JFrog Xray vs DefectDojo
Tenable Security Center vs DefectDojo Logo
Tenable Security Center vs DefectDojo
FortiCNAPP vs DefectDojo Logo
FortiCNAPP vs DefectDojo
Tenable Vulnerability Management vs DefectDojo Logo
Tenable Vulnerability Management vs DefectDojo
Qualys CyberSecurity Asset Management vs DefectDojo Logo
Qualys CyberSecurity Asset Management vs DefectDojo
Microsoft Defender Vulnerability Management vs DefectDojo Logo
Microsoft Defender Vulnerability Management vs DefectDojo
Rapid7 Metasploit vs DefectDojo Logo
Rapid7 Metasploit vs DefectDojo
Aikido Security vs DefectDojo Logo
Aikido Security vs DefectDojo
Wiz Code vs DefectDojo Logo
Wiz Code vs DefectDojo
See all alternatives
 
DefectDojo Reviews Summary
Author infoRatingReview Summary
Integration and Solution Architect at a government with 501-1,000 employees4.0DefectDojo serves as our Central Vulnerability Management, consolidating reports from various tools and facilitating easy data sharing across teams. While it efficiently tracks vulnerabilities cost-free, its notification system needs improvement for better team alerts when issues arise.
reviewer2267097 - PeerSpot reviewer
reviewer2267097
Integration and Solution Architect at a government with 501-1,000 employees
Sep 13, 2024
Easy to use with efficient vulnerability reporting and team collaboration

What is our primary use case?



Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and we send this report to DefectDojo to have CVMs, Central Vulnerability Management. DefectDojo is Central Vulnerability Management. If you have a dashboard to set, we have vulnerability in this product, on this pipeline, and they expose that. It's easy for us to have a report for all our vulnerabilities.


How has it helped my organization?



With the pipeline of detection and DefectDojo, we are able to see the real vulnerabilities, and we fix them.


What is most valuable?



The solution is easy to use and it is easy to share data with everybody. Setting the status of vulnerabilities in the product and being able to share the information with each team in our organization is helpful.


What needs improvement?



We need something to notify the team responsible for a product when vulnerabilities are found. We are able to attach a team or a manager for a product, however, we are not able to send them a notification that they have a vulnerability.


For how long have I used the solution?



We use all this product now for easily nine or ten months.


What do I think about the stability of the solution?



The solution is really stable. We are a government organization, so we have a lot of pipelines and a lot of applications. We are not Google or Microsoft or any other big company. We are a smart company with around 200 developers.


What do I think about the scalability of the solution?



We don't use a scalable solution. Actually, we don't use any scalable solution for DefectDojo.


How are customer service and support?



We don't receive any customer service from DefectDojo. We support ourselves.



How would you rate customer service and support?



Positive



Which solution did I use previously and why did I switch?



We tested multiple other solutions, like Microsoft's solution. That said, they don't have a lot of flexibility like DefectDojo. Other products have a high cost. 


How was the initial setup?



The solution is easy to install and easy to use.

One person handles maintenance. They check for any new version, update it, and start the pipeline.


What was our ROI?



The solution is free. The most important thing is it's easy to see our vulnerabilities, make modifications, and avoid big problems.


What's my experience with pricing, setup cost, and licensing?



The pricing is great. It is much cheaper compared to other solutions. We don't want to pay for things we are able to do on our own.


Which other solutions did I evaluate?



We evaluated Microsoft Defender Vulnerability and another solution. I don't recall the name.


What other advice do I have?



The solution is easy to install, easy to use, and easy to integrate with all other products. Any security product is easily integrated since it has a connector with DefectDojo. I'd rate the solution eight out of ten.


Which deployment model are you using for this solution?



On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?



Other