Dradis Framework 3.0: A New Hope

It's been a long time since we published an update about or little project, more exactly 1005 days. That's a over three years. Let me tell you why, what happened and what comes next.


We're alive, a new version of Dradis is ready for you to download, we've got a new forum, a new website and renewed energies. Exciting times ahead!

What happened? The freeze and restart of Dradis Community Edition

The Dradis Framework open-source project was born in 2007 and continued to evolve for a few years. Throughout the years, as it is common in an open-source project, maintainers and contributors came and went, and things dwindled down a little bit. We had some pretty amazing community support that helped us hunt down bugs and fix minor quirks, but in the end I (Daniel, @etdsoft) was the last man standing doing active development.

At some point, security consulting companies started approaching us to provide a commercially supported version of the platform, with additional features, official support channels, etc. It sounded like a really interesting opportunity / challenge. We announced Dradis Professional Edition in July 2011. Things were good and we released new versions of the Community Edition in August, October and February 2012 (see our release timeline).

Then things started to get really tricky. More and more teams were interested in Dradis Pro, and I had to make some pretty tough choices. I managed to keep fixing bugs and pushing things forward for a little bit to the point we had a never-released v2.10 version of the framework in our git repo, but without too much time in my hands I couldn't architecture things to keep both editions of the platform (Community and Professional) active, in the end the two code bases started to diverge.

By the end of 2013 I was trying to juggle a 9-to-5 job, supporting the open-source community and bootstrapping Security Roots, the company behind the new commercial edition of Dradis (oh, and having a personal life too - my first daughter was born in Aug 2012). I took a 3-month sabbatical from my corporate gig to try to get things back on track, with the idea of continuing pushing through doing everything in parallel. As soon as the break ended and I got back to work I realised it wouldn't work. I was not going to be able to do a god job at my 9-to-5, launch a business and take care of my family all at once. In February 2014 I resigned and went on to dedicate 100% of my energies to Security Roots.

Things have been great so far (touch wood everyone!), we're now serving 200+ teams in 31 countries. I no longer have to split my time between so many work streams and as a result I can get better results. More freedom and more resources is exactly what was needed to get the Community edition of Dradis back on track.

It all started with a nudge from the ToolsWatch team (thanks NJ and @maxisoler), it was time for us to get back to work on Dradis Community. Those of you that had a chance to catch up with us at the Arsenal of BlackHat last year already have seen a teaser of what would eventually become Dradis 3, for rest of you... please keep reading.

What's new in Dradis 3.0?

Pretty much everything. Dradis 3 is a complete rewrite of our code base. We've kept the same concepts you're familiar with (notes, nodes, attachments, etc.) but everything else is new.

  • We've got a new look and feel, checkout the screenshots.
  • We've introduced the concept of Issues and Evidence (instead of having just notes).
  • The code is cleaner, more modular and easier to maintain.
  • We have extracted each of our tool connectors into their own repositories. See our Add-ons page.
  • We've improved the installation process: download one file and run. As good as it sounds (see below).

I think that a picture in this case explains it better, according to our GitHub activity graph, we've been busy:

Downloading Dradis 3

No more dependency hell or tinkering with Ruby versions. We're now leveraging the excellent Traveling Ruby project to provide self-contained packages for Linux and Mac (Windows soon to come).

The download is bundled with a Ruby interpreter and all the libraries and dependencies that you need. Nothing to install, just extract and run. Give it a try:


A stronger community

A few months ago we also updated our community forums. Even though we were in a semi-stealth mode back then, people managed to find the forums and started having troubleshooting and feature request conversations.

We're hoping that the forums become the easiest way to exchange information with the project maintainers but also between Dradis users. Without further ado, the new home for our community:


The forums are powered by the open-source Discourse platform, which by the way, is another excellent FOSS that touches on many areas of Ruby, Rails and Docker (if you are interested in such things).

A cleaner website

The truth is that the code for Dradis 3.0 (or to be perfectly precise, the first release candidate) has been ready for a few days. But we couldn't bear the thought of doing the first release in 3 years and still use our old website. Don't get me wrong, we loved the website and it served us nicely, but it didn't age well.

This is why today we're also presenting a new, cleaner and modern website:


We're using the excellent Middleman static website generator and we have published the source of the site in our GitHub's page: dradis/website. If you spot an error or something that could be improved, pull requests are welcomed!

BTW, we know our blog theme still matches the old website, please give us a break! We didn't want to delay the release / news of Dradis 3 any longer, we'll get around fixing the blog soon!

What's next?

Our immediate goal is to get to a Dradis 3.0 final release as soon as possible. We need your help to test and iron out the last few quirks.

Oh, and please help us spread the word: Dradis 3.0 is out, everyone should check it out!