Product

In DefectDojo, a "product" is an entity that represents a specific application, system or software project within its environment. Essentially, a DefectDojo product is a way to organize and manage vulnerabilities related to a particular application or project. Here is a more detailed explanation of what a DefectDojo product entails:

Creation

To create a product, go to the sidebar, click on the three dots with three dashes icon and select "Add product". This will take us to the next window.

In this form we will have the following fields to fill in:

• Name: Name of the asset. (Required)
• Description: Product description. (Required)
• Tags: Tags to organize projects by work groups, importance...
• Product manager: Product manager
• Technical contact: Technical contact
• Team manager: Manager of the team that manages the product
• Product Type: Type of product (Systems, webapp...) you can add all the necessary (Required)
• SLA Configuration: Response time for incident resolution. (Required)
• Regulations: On what legal basis the product is established.
• Business criticality: The criticality of the asset for the organization.
• Platform: What type of platform is the product.
• Lifecycle: Product life cycle.
• Origin: The origin of the software( OpenSource, Internal...)
• User records: Estimated users using the application
• Revenue: Estimated application profit.
• External audience: Internal or external application
• Enable Product Tag Inheritance: If enabled, tags are inherited between Engagement, Tests and Searches.
• Internet accessible: It is accessible from the Internet
• Enable simple risk acceptance: Enables a checkbox for simple risk acceptance.
• Enable full risk acceptance: Enable full risk acceptance
• Disable SLA breach notifications: Disables SLA breaches

Once created, we already have our product where we will add the information of the different vulnerabilities.