From 88d1c2922e913869a0868e6f7d10eb3f0f52c11a Mon Sep 17 00:00:00 2001
From: Tracy Walker
Date: Thu, 8 May 2025 16:24:01 -0600
Subject: [PATCH] docs: Add non-parser Test Types to product hierarchy documentation

Add detailed explanation of the two categories of Test Types in DefectDojo:
- Parser-based Test Types that work with imported scanner output files
- Non-parser Test Types for manual findings creation (API Test, Static Check, Pen Test, Web Application Test, Security Research, Threat Modeling, Manual Code Review)

Clarify that non-parser Test Types appear in the "Scan Type" dropdown when creating a new test but not when importing scans, helping users understand when to use each type.RetryClaude can make mistakes. Please double-check responses.
---
 .../product_hierarchy.md | 24 ++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md b/docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md
index b7bc370a465..bff5e356e2f 100644
--- a/docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md
+++ b/docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md
@@ -112,11 +112,29 @@ Tests are a grouping of activities conducted by engineers to attempt to discover Tests always have: * a unique **Test Title** -* a specific **Test Type (**API Test, Nessus Scan, etc) +* a specific **Test Type** (API Test, Nessus Scan, etc) * an associated test **Environment** * an associated **Engagement** -Tests can be created in different ways. Scan data can be directly imported to an Engagement, which will then create a new Test containing that data. Tests can also be created in advance without scan data, as part of planning future Engagements. +Tests can be created in different ways. Tests can be automatically created when scan data is imported directly into to an Engagement, resulting in a new Test containing the scan data. Tests can also be created in anticipation of planning future engagements, or for manually entered security findings requiring tracking and remediation. + +### **Test Types** + +DefectDojo supports two categories of Test Types: + +1. **Parser-based Test Types**: These correspond to specific security scanners that produce output in formats like XML, JSON, or CSV. When importing scan results, DefectDojo uses specialized parsers to convert the scanner output into Findings. + +2. **Non-parser Test Types**: These are used for manually created findings not imported from a scan files. +The following Test Types appear in the "Scan Type" dropdown when creating a new test, but will not appear when selecting "Import Scan": + * API Test + * Static Check + * Pen Test + * Web Application Test + * Security Research + * Threat Modeling + * Manual Code Review + +Non-parser Test Types should be used when you need to manually create findings that require remediation but don't originate from automated scanner output. #### **How do Tests interact with each other?** 
@@ -163,4 +181,4 @@ Scan data generally will contain references to the hosts or endpoints affected b Examples: - https://www.example.com - https://www.example.com:8080/products -- 192.168.0.36 \ No newline at end of file +- 192.168.0.36
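Review bot: In the first hunk (@@ -112,11 +112,29 @@), the added line "The following Test Types appear in the "Scan Type" dropdown..." starts at the beginning of the line directly after numbered item 2, with no blank line between them, so Markdown folds it into item 2's paragraph as a lazy continuation instead of rendering it as its own sentence introducing the bullet list. Either indent it deliberately under item 2 or put a blank line before it, depending on which is intended. Two wording slips in the same hunk should be fixed before merge: "imported directly into to an Engagement" has a doubled preposition ("into an Engagement"), and "not imported from a scan files" mixes singular and plural ("from scan files"). The section is titled "Test Types" but tells the reader to look in a "Scan Type" dropdown; if that is the literal UI label, a short parenthetical saying so would keep readers from assuming the two terms mean different things.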