Hi DefectDojo team,
First of all, thank you for providing and maintaining such a great platform—DefectDojo has been invaluable to our security workflow.
My name is Muhammed, and I work in a developer team that is currently rolling out DefectDojo company-wide across our enterprise. During this rollout we encountered a usability gap around user housekeeping that has become increasingly painful at our scale.
Is your feature request related to a problem? Please describe.
Yes.
As administrators we need to regularly remove accounts that are no longer active (e.g., employees who left the company or whose permissions were revoked).
Today each user must be:
- selected manually in Users,
- deleted individually, and
- confirmed in a separate dialog.
With dozens or hundreds of stale accounts this process is extremely time-consuming and error-prone.
Describe the solution you’d like
As an administrator, I want a bulk-cleanup mechanism so that I can quickly remove multiple inactive users in one action.
- UI idea
  - Add multi-select check-boxes (or a “Select all matching” option) in the Users view.
  - Provide filters for “Last login before <date>” and “Is active = False” to identify stale accounts.
  - Offer a single Delete selected button with one confirmation dialog for the whole batch.
- API idea
  - Expose an endpoint such as DELETE /api/v2/users/bulk that accepts a list of user IDs or a query parameter (e.g., ?inactive_since=2024-06-01) and deletes them in one call.
  - Return a summary of deletions (success / failures) for audit logging.
Either (or both) of these changes would make housekeeping a matter of seconds instead of hours.
Describe alternatives you’ve considered
- Writing a custom script that calls the existing API and deletes users one by one
  - Works, but duplicates logic that could live in core and still triggers many individual delete calls.
- Disabling instead of deleting
  - Mitigates risk but stale accounts still clutter views and reports.
- Relying on LDAP/SSO de-provisioning
  - Helpful, yet former users remain in the database and UI until manually purged.
None of these options solve the underlying scalability issue within DefectDojo itself.
Additional context
- DefectDojo version 2.46 behind corporate SSO (OIDC)
- Typical user base: ≈3 000 accounts, of which 15–20 % become inactive each quarter
Thank you for considering this enhancement!
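
The custom-script alternative and the success/failure summary described in the request above, sketched as an added example that is not part of the original post and is not DefectDojo code. It assumes user records carry `id`, `is_active`, `is_superuser` and `last_login` fields, combines the two proposed filters with AND, and takes a hypothetical `delete_user` callable that stands in for one delete call per user; `keep_ids` is a hypothetical allow-list for accounts that must never be purged.

```python
from datetime import datetime, timezone

# Constructed sample records. Field names are assumed to mirror the user
# objects returned by the existing users API.
SAMPLE_USERS = [
    {"id": 1, "is_active": False, "is_superuser": True, "last_login": "2023-01-10T08:00:00Z"},
    {"id": 2, "is_active": True, "is_superuser": False, "last_login": "2025-03-02T09:30:00Z"},
    {"id": 3, "is_active": False, "is_superuser": False, "last_login": "2024-02-11T14:00:00Z"},
    {"id": 4, "is_active": False, "is_superuser": False, "last_login": None},
    {"id": 5, "is_active": True, "is_superuser": False, "last_login": "2024-01-05T10:00:00Z"},
]

def select_stale(users, inactive_since, keep_ids=()):
    """Pick accounts that are disabled AND have no login since the cutoff.
    Superusers and keep_ids (hypothetical allow-list) are never selected."""
    stale = []
    for u in users:
        if u["is_superuser"] or u["id"] in keep_ids or u["is_active"]:
            continue
        raw = u["last_login"]  # None means the account never logged in
        last = datetime.fromisoformat(raw.replace("Z", "+00:00")) if raw else None
        if last is None or last < inactive_since:
            stale.append(u["id"])
    return stale

def bulk_delete(user_ids, delete_user, dry_run=True):
    """Call delete_user once per id and return a success/failure summary."""
    summary = {"dry_run": dry_run, "selected": list(user_ids), "deleted": [], "failed": []}
    if dry_run:
        return summary  # nothing is deleted; the selection can be reviewed first
    for uid in user_ids:
        try:
            delete_user(uid)
            summary["deleted"].append(uid)
        except Exception as exc:  # one failure must not abort the batch
            summary["failed"].append({"id": uid, "error": str(exc)})
    return summary

if __name__ == "__main__":
    cutoff = datetime(2024, 6, 1, tzinfo=timezone.utc)
    ids = select_stale(SAMPLE_USERS, cutoff)
    print(bulk_delete(ids, delete_user=lambda uid: None, dry_run=True))
```

Defaulting to a dry run and excluding superusers keeps a mistyped cutoff from removing administrator accounts, and the returned summary can be written to the audit log as-is.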