Hi sorry forgot to answer, just stumbled over this question again.

I don't think there is a (open source) alternative to DefectDojo which comes close to the quality and level of integrations as Defect Dojo has when it comes to the vulnerability management.

The "main" alternative to DefectDojo in the secureCodeBox is Elasticsearch / Kibana. Which is pretty good to save and analyse a large number of infrastructure level findings (like network, ssh, tls scan results) as these are pretty reliable / the false positive rate is pretty low. You can scan your whole networks / infrastructure every day and dump all results into elasticseach and always just look at the results from the last 24hours.

Where this falls short is (web) application level scanners which usually produce a high number of findings of which a way higher percentage are false positives which make it really hard to analyse them in Elasticsearch as you don't have a good way to mark & detect false positives in it like you have in DefectDojo.