Early-access feature provides transformative automation capabilities for vulnerability findings

DefectDojo Launches Rules Engine for Next-Level Vulnerability Automation

Media

defectdojo@cracklepr.com

DefectDojo, the pioneer in scalable unified vulnerability management and DevSecOps, today announced the release of the DefectDojo Rules Engine, available in early access for DefectDojo Pro users. With this feature, teams can create rules to automatically manipulate, edit, enhance, escalate, or de-escalate specific findings, or add custom remediation advice to them, enabling security teams to better prioritize major issues or further enhance findings from their security tools without significant human intervention or manual effort.

In 2024, over 40,000 common vulnerabilities and exposures (CVEs) were released, an increase of over 38% compared to 2023 numbers. With new CVEs flooding in and previously-discovered CVEs continuing to be exploited, cybersecurity professionals find themselves fatigued by sifting through findings to determine which are really threats and which are not, rather than addressing them individually. The Rules Engine helps professionals tame their vulnerability data and ensure that issues are appropriately prioritized.

“As tech stacks grow, so do threat surface areas and the likelihood of vulnerabilities. To keep their organizations secure, cybersecurity teams need a way to surface the most pressing findings with as few actions as possible,” said Greg Anderson, CEO of DefectDojo. “We designed the Rules Engine to meet these needs for teams and enterprises of all sizes in a flexible, scalable way. It’s a major step forward in automating low-level cybersecurity tasks, freeing up resources and team members to address higher-level threats and overall security strategy in a more timely manner.”

The Rules Engine can adapt to suit each team’s specific needs. For example, certain findings or types of findings can automatically be assigned to various users to be addressed. The feature can also automatically tag findings for needed actions. Teams can set their own criteria for what merits escalation or de-escalation, and the Rules Engine will then apply those criteria to each finding added to Dojo Pro.

Finally, actions can be taken on key data points such as Exploit Prediction Scoring or reachability to make adjustments like changing a finding’s severity or accepting the risk across a group of findings for a given application, business unit, or across all applications in your organization. Previously, to take these kinds of actions, cybersecurity professionals using Dojo Pro or other platforms would need to write their own custom programming or perform multiple API calls for every scan they processed.

With over 38 million downloads, DefectDojo’s community of customers and users encompasses security professionals spanning from Fortune 10 companies to solo consultants. The only open-source solution in the unified vulnerability management space, the platform offers a comprehensive approach to both managing and improving security postures by aggregating data from various security tools, distilling and automatically triaging the results, automating workflows, and delivering actionable insights to ensure vulnerabilities are effectively identified, tracked, prioritized, and mitigated across the entire organization.

To inquire about Dojo Pro and early access to the Rules Engine, contact hello@defectdojo.com.

About DefectDojo

DefectDojo is the engine that drives DevSecOps, providing an open, scalable platform that connects security strategy to execution. By aggregating data from any security tool, automating manual processes, and delivering AI-powered insights, DefectDojo empowers organizations to have a unified view of security posture, automate operations to increase productivity, and improve decision-making. For more information, visit defectdojo.com.

