Try our new research platform with insights from 80,000+ expert users
DefectDojo Logo

DefectDojo Reviews

Vendor: DefectDojo
4.0 out of 5
Leave a review

What is DefectDojo?

DefectDojo is an open-source application vulnerability management tool designed for organizations aiming to enhance their security posture with a streamlined workflow for managing security findings.

Get the Vulnerability Management Buyer's Guide and find out what your peers are saying about DefectDojo, GitLab, Tenable Security Center and more!
DefectDojo is the #11 ranked solution in top DevSecOps solutions and #37 ranked solution in top Vulnerability Management solutions. PeerSpot users give DefectDojo an average rating of 8.0 out of 10. DefectDojo is most commonly compared to GitLab: DefectDojo vs GitLab. DefectDojo is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.
Buyer's Guide
Vulnerability Management
August 2025
Get the category report
Helped 866,218 peers since 2012

DefectDojo mindshare

Product category:
Vulnerability Management
As of August 2025, the mindshare of DefectDojo in the Vulnerability Management category stands at 0.8%, up from 0.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Vulnerability Management Market Share Distribution
ProductMarket Share (%)
DefectDojo0.8%
Wiz11.7%
Tenable Nessus8.4%
Other79.1%
Vulnerability Management
 
 
Key learnings from peers

Valuable Features

  • "With the pipeline of detection and DefectDojo, we are able to see the real vulnerabilities, and we fix them."

Room for Improvement

  • "We need something to notify the team responsible for a product when vulnerabilities are found."
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Vulnerability Management Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Comms Service Provider
13%
Retailer
8%
Manufacturing Company
7%
Government
6%
Construction Company
4%
Media Company
3%
Healthcare Company
3%
Insurance Company
3%
Performing Arts
3%
Educational Organization
2%
Outsourcing Company
2%
University
2%
Pharma/Biotech Company
2%
Engineering Company
2%
Energy/Utilities Company
2%
Training & Coaching Company
2%
Recreational Facilities/Services Company
2%
Real Estate/Law Firm
1%
Transportation Company
1%
Marketing Services Firm
1%

Compare DefectDojo with alternative products

Go!

Learn more about DefectDojo

DefectDojo supports security teams by facilitating the tracking, managing, and mitigation of vulnerabilities. It centralizes security findings, integrates with different tools, and automates security metrics reporting. Its automation capabilities reduce manual effort, making it indispensable for teams handling large volumes of vulnerabilities. While highly functional, some user feedback suggests there’s room for improvement in documentation and user interface.

What are DefectDojo's most important features?
  • Integration Capability: Seamlessly integrates with numerous security assessment tools to consolidate security findings.
  • Automation: Automates repetitive tasks like report generation and metrics calculation to save time.
  • Scalability: Handles large datasets efficiently, suitable for complex IT environments.
  • Customizable: Offers customization options for workflows and settings to match specific requirements.
What benefits or ROI should users look for in reviews?
  • Improved Efficiency: Streamlined processes enhance team productivity and speed up vulnerability management.
  • Enhanced Security: Comprehensive tracking and reporting improve the security posture of organizations.
  • Cost-Effective: Open-source nature minimizes costs compared to proprietary solutions.
  • Time-Saving: Reduces manual input with automated features, allowing teams to focus on high-priority tasks.

DefectDojo is commonly adopted in industries prioritizing cybersecurity, such as finance, healthcare, and technology, where it is utilized to manage ongoing security assessments and track external threats. Its ability to integrate with specialized tools makes it suitable for environments requiring robust security measures.

Related questions

  • 50
How inadvisable is it to use a single vulnerability analysis tool?
  • 22
What are the benefits of continuous scanning for vulnerability management?
  • 21
When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
  • 16
What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
  • 232
What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
  • 87
Which is the best vulnerability scanner tool?
  • 64
What are your recommended automated penetration testing tools?
  • 43
How do you use the MITRE ATT&CK framework for improving enterprise security?
  • 55
Can you recommend API for Tenable Connector into ServiceNow
  • 12
What penetration testing tool (or tools) do you recommend for SMB/SME?

Product Categories

Product Categories
Vulnerability Management
DevSecOps

Popular Comparisons

Popular Comparisons
GitLab vs DefectDojo Logo
GitLab vs DefectDojo
Tenable Security Center vs DefectDojo Logo
Tenable Security Center vs DefectDojo
Tenable Vulnerability Management vs DefectDojo Logo
Tenable Vulnerability Management vs DefectDojo
Microsoft Defender Vulnerability Management vs DefectDojo Logo
Microsoft Defender Vulnerability Management vs DefectDojo
ArmorCode vs DefectDojo Logo
ArmorCode vs DefectDojo
Faraday vs DefectDojo Logo
Faraday vs DefectDojo
See all alternatives
 
DefectDojo Reviews Summary
Author infoRatingReview Summary
Integration and Solution Architect at a government with 501-1,000 employees4.0DefectDojo serves as our Central Vulnerability Management, consolidating reports from various tools and facilitating easy data sharing across teams. While it efficiently tracks vulnerabilities cost-free, its notification system needs improvement for better team alerts when issues arise.