Security Roots Ltd (Dradis)

Self-hosted pentest management platform for reporting, findings, and workflows.

Product
Security Operations
Vulnerability Management
Application Security
API

Security Roots Ltd (Dradis) Description

Dradis is a pentest management and reporting platform designed for security consultancies and internal security teams. It provides a self-hosted, open-source-core solution (licensed under GPLv2) that centralizes the entire penetration testing engagement lifecycle — from scoping and client questionnaires through findings documentation, report generation, and remediation tracking.

The platform's core components include an Issue Library, a Rules Engine, and methodology tracking tools. The Issue Library accumulates vetted findings over time, allowing teams to reuse and refine descriptions, severity rationales, and remediation guidance across engagements. The Rules Engine translates output from 47+ integrated security scanners (including Nessus, Burp Suite, Qualys, Nmap, OpenVAS, and others) into a team's own taxonomy and severity ratings.

Dradis supports automated report generation using customizable templates, built-in QA workflows, revision tracking, and an audit log. A client-facing branded portal ("Dradis Gateway") enables real-time sharing of findings and remediation tracking, with integrations to tools like Jira and ServiceNow.

The platform is deployable on-premises, in private cloud environments, air-gapped networks, or major public cloud providers (AWS, Azure, GCP), giving organizations full control over their data and infrastructure. It is positioned as an alternative to both manual reporting processes and cloud-based SaaS pentest management tools.

Dradis targets penetration testing consultancies and corporate security teams. It offers a Pro (commercial) edition alongside its open-source community version, with per-user monthly pricing tiers.