Skip to content

getting-started.rst

Latest commit

 

History

History
158 lines (111 loc) · 5.64 KB

getting-started.rst

File metadata and controls

158 lines (111 loc) · 5.64 KB

Getting Started

Demo

If you'd like to check out a demo of DefectDojo before installing it, you can check out our PythonAnywhere demo site.

You can log in as an administrator like so:

/_static/admin-creds.png

You can also log in as a product owner / non-staff user:

/_static/prod-owner-creds.png

Installation

Debian or RHEL based Bash Install Script

There is a script in the main folder called setup.bash that will allow you to interactively install DefectDojo on many Linux-based systems. We do not recommend running DefectDojo as root, but you may do so if you choose. This is the quick version of the installation instructions, but if you want more details about what's going on, check out this wiki page on Ubuntu 14.04 installation (most steps should be applicable to other distributions as well).

You will need:

  • MySQL
  • pip

Recommended:

  • virtualenv

Instructions:

  1. (OPTIONAL) If you haven't already, run mysql_secure_install to set a password for your root MySQL user

  2. (OPTIONAL) Set up a new virtualenv

  3. Create a MySQL user with CREATE privileges, or use root (not recommended)

  4. Run the setup.bash script, entering the required information to create a MySQL database, install dependencies, and set up a Django superuser. If installation is successful, you will see something like the following:

    ==============================================================================

SUCCESS! Now edit your settings.py file in the 'dojo' directory to complete the installation.

When you're ready to start the DefectDojo server, type in this directory:
    1. python manage.py bower install
    2. python manage.py collectstatic
    3. python manage.py runserver

  5. Edit the settings.py file to modify any other settings that you want to change, such as your SMTP server information, which we leave off by default.

  6. Install bower dependencies by running

    python manage.py bower install

  7. Install static files to the correct directories

    python manage.py collectstatic

  8. When you are ready to run DefectDojo, run the server with

    python manage.py runserver

Vagrant Install

Note

We recommend only installing with Vagrant for development / testing purposes. If you are deploying to production, we recommend following the quick :ref:`debian-or-rhel-based-bash-install-script`, or if you're on Ubuntu 14.04, check out this wiki page, on Ubuntu installation, complete with in-depth instructions and explanations.

You will need:

  • Vagrant
  • VirtualBox
  • Ansible

Instructions:

  1. Modify the variables in ansible/vars.yml to fit your desired configuration
  2. Type vagrant up in the repo's root directory
  3. If you have any problems during setup, run vagrant provision once you've fixed them to continue provisioning the server
  4. If you need to restart the server, you can simply run vagrant provision again

By default, the server will run on port 9999, but you can configure this in the vars.yaml file.

Docker Install

There are three versions of Docker Dojo. The first version is a development / testing version, the second is a docker compose file with Nginx, MySQL and DefectDojo and the third is a Docker Cloud file for Docker Cloud.

Docker Local Install

You will need:

  • Latest version of Docker

Instructions:

  1. Run the docker command to pull the latest version of DefectDojo.
    docker run -it -p 8000:8000 appsecpipeline/django-defectdojo bash -c "export LOAD_SAMPLE_DATA=True && bash /django-DefectDojo/docker/docker-startup.bash"
  2. Navigate to: http://localhost:8000 and login with the credentials shown in the terminal.

Docker Compose Install

You will need:

  • Latest version of Docker
  • Latest version Docker Compose

Instructions: `Tastypie`_ #. Clone the Docker Cloud DefectDojo Repo

git clone https://github.com/aaronweaver/docker-DefectDojo
  1. Change directories into the newly created folder.

    cd docker-DefectDojo

  2. Run the setup.bash script which will create a random password for MySQL and Dojo and other setup tasks.

    bash setup.bash

  3. Run Docker Compose.

    To run docker-DefectDojo and see the Dojo logs in the terminal, use: docker-compose up

    To run docker-DefectDojo and get your terminal prompt back, use: docker-compose up -d

  4. Navigate to https://localhost and login with the username and password specified in the setup.bash script.

Docker Cloud Install

Instructions:

  1. Log into `DockerCloud`_.
  2. Click on Stacks and then Create Stack.
  3. Name the Stack, DefectDojo for example.
  4. Copy the Docker Compose file from the `Docker DefectDojo Repo`_.

#. Edit the DOJO_ADMIN_PASSWORD, MYSQL_PASSWORD and MYSQL_ROOT_PASSWORD. Each of these is labeled as: ChangeMe. Note: Make sure the passwords both match for dojo:MYSQL_PASSWORD and mysql:MYSQL_PASSWORD. #. Click 'Create and Deploy' #. Once the services are running then login with the username and password specified in the YAML file.