docs: Add non-parser Test Types to product hierarchy documentation (#12419)
Add detailed explanation of the two categories of Test Types in DefectDojo:
- Parser-based Test Types that work with imported scanner output files
- Non-parser Test Types for manual findings creation (API Test, Static Check, Pen Test, Web Application Test, Security Research, Threat Modeling, Manual Code Review)
Clarify that non-parser Test Types appear in the "Scan Type" dropdown when creating a new test but not when importing scans, helping users understand when to use each type.RetryClaude can make mistakes. Please double-check responses.
docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md
Lines changed: 21 additions & 3 deletions
@@ -112,11 +112,29 @@ Tests are a grouping of activities conducted by engineers to attempt to discover
112
112
Tests always have:
113
113
114
114
* a unique **Test Title**
115
-
* a specific **Test Type (**API Test, Nessus Scan, etc)
115
+
* a specific **Test Type** (API Test, Nessus Scan, etc)
116
116
* an associated test **Environment**
117
117
* an associated **Engagement**
118
118
119
-
Tests can be created in different ways. Scan data can be directly imported to an Engagement, which will then create a new Test containing that data. Tests can also be created in advance without scan data, as part of planning future Engagements.
119
+
Tests can be created in different ways. Tests can be automatically created when scan data is imported directly into to an Engagement, resulting in a new Test containing the scan data. Tests can also be created in anticipation of planning future engagements, or for manually entered security findings requiring tracking and remediation.
120
+
121
+
### **Test Types**
122
+
123
+
DefectDojo supports two categories of Test Types:
124
+
125
+
1.**Parser-based Test Types**: These correspond to specific security scanners that produce output in formats like XML, JSON, or CSV. When importing scan results, DefectDojo uses specialized parsers to convert the scanner output into Findings.
126
+
127
+
2.**Non-parser Test Types**: These are used for manually created findings not imported from a scan files.
128
+
The following Test Types appear in the "Scan Type" dropdown when creating a new test, but will not appear when selecting "Import Scan":
129
+
* API Test
130
+
* Static Check
131
+
* Pen Test
132
+
* Web Application Test
133
+
* Security Research
134
+
* Threat Modeling
135
+
* Manual Code Review
136
+
137
+
Non-parser Test Types should be used when you need to manually create findings that require remediation but don't originate from automated scanner output.
120
138
121
139
#### **How do Tests interact with each other?**
122
140
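Review bot: Two wording slips in the added text should be fixed before this merges. In the rewritten paragraph on how Tests are created (new line 119), "imported directly into to an Engagement" has a doubled preposition and should read "imported directly into an Engagement"; in list item 2 (new line 127), "not imported from a scan files" should read "not imported from a scan file". Separately, new line 128 ("The following Test Types appear in the "Scan Type" dropdown...") follows item 2 with no blank line between them, so Markdown will fold it into item 2's paragraph, and the bullets on new lines 129-135 are not visibly nested under that item. Either indent that sentence and the bullets under item 2, or move them below the numbered list as their own paragraph, so the seven non-parser types are clearly attached to the category they belong to. It would also help to state in one place that these types are absent from "Import Scan" because they have no parser, since that is the behaviour users are most likely to trip over.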
@@ -163,4 +181,4 @@ Scan data generally will contain references to the hosts or endpoints affected b