Defect Dojo is an open source tool for vulnerability management. I will give an introduction into vulnerability management and show how that is implemented with defect dojo
Vulnerability management is a try to integrate finding, managing and mitigating of vulnerabilities in code into your workflow.
It usually starts with some tools to find vulnerabilities in different areas - let it be with image scanning like Trivy and Clair, classical vuln scanning like Nessus, Static code analysis like Sonar or dependency management with the OWASP dependency tracker.
Defect Dojo takes all those reports, dedublicates findings, manages the handling of false positives and gives a Product Owner a tool to the hand how to move that on into your development tracking software like Jira or else.
I will show how all of that works and what advantages this have. Also some insight how its used in a medium size critical infrastructure company.
Licensed to the public under http://creativecommons.org/licenses/by/4.0
This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them.
Please look for "audio tracks" in your desktop video player.