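License: BSD-3-Clause License
Programming language: Python
Operating system: Cross-platform
Software type: Open source software
Category: Cloud computing, cloud native
Open source organization:
Region: Unknown
Submitted by: 首席测试
Intended audience: Unknown
Date listed: 2021-11-10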

Software Introduction

DefectDojo

DefectDojo is a security orchestration and vulnerability management platform. DefectDojo allows you to manage your application security program, maintain product and application information, triage vulnerabilities and push findings to systems like JIRA and Slack. DefectDojo enriches and refines vulnerability data using a number of heuristic algorithms that improve the more you use the platform.

Demo

Try out the demo server at demo.defectdojo.org

Log in with admin / defectdojo@demo#appsec. Please note that the demo is publicly accessible and regularly reset. Do not put sensitive data in the demo.

Quick Start

git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo
# building
docker-compose build
# running
docker-compose up
# obtain admin credentials. the initializer can take up to 3 minutes to run
# use docker-compose logs -f initializer to track progress
docker-compose logs initializer | grep "Admin password:"

Navigate to http://localhost:8080.

Documentation

Getting Started

REST APIs

Client APIs and Wrappers

Release and Branch Model

Contributing

Roadmap

Wishlist

Supported Installation Options

Community, Getting Involved, and Updates

Join the Slack community and discussion! Realtime discussion is done in the OWASP Slack Channel, #defectdojo. Follow DefectDojo on Twitter, LinkedIn, and YouTube for project updates!

Commercial Support and Training

Commercial support and training is available through 10Security.

10Security was founded by the creators of DefectDojo. For information please email info@10security.com or visit our site.

About Us

DefectDojo is maintained by:

Project Moderators

Project Moderators can help you with pull requests or feedback on dev ideas.

Hall of Fame

  • Charles Neill (@ccneill) – Charles served as a DefectDojo Maintainer for years and wrote some of Dojo's core functionality.
  • Jay Paz (@jjpaz) – Jay was a DefectDojo maintainer for years. He performed Dojo's first UI overhaul, optimized code structure/features, and added numerous enhancements.

Sponsors

10Security, ISAAC, Tim Pagel, Cloudbees, ARRIVAL, WeHackPurple, MaibornWolff

License

DefectDojo is licensed under the BSD Simplified license.

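NumPy security vulnerability
NULL pointer dereference
** DISPUTED ** Due to missing return-value validation, a NULL pointer dereference vulnerability exists in the numpy.sort and PyArray_DescrNew functions in NumPy < 1.19, which allows attackers to carry out DoS attacks by repeatedly creating sorted arrays. Note: while it is correct that validation is missing, the error can only occur on memory exhaustion. If a user can exhaust memory, they are already privileged. Furthermore, it is practically impossible to construct an attack that targets memory exhaustion occurring at exactly this location.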
CVE-2021-41495 MPS-2021-32278
2022-08-08 19:00