Skip to content

docs: Add non-parser Test Types to product hierarchy documentation #12419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Maffooch merged 1 commit into from
May 15, 2025
Merged

docs: Add non-parser Test Types to product hierarchy documentation #12419

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 21 additions & 3 deletions ...tent/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,11 +112,29 @@ Tests are a grouping of activities conducted by engineers to attempt to discover
Tests always have:

* a unique **Test Title**
* a specific **Test Type (**API Test, Nessus Scan, etc)
* a specific **Test Type** (API Test, Nessus Scan, etc)
* an associated test **Environment**
* an associated **Engagement**

Tests can be created in different ways. Scan data can be directly imported to an Engagement, which will then create a new Test containing that data. Tests can also be created in advance without scan data, as part of planning future Engagements.
Tests can be created in different ways. Tests can be automatically created when scan data is imported directly into to an Engagement, resulting in a new Test containing the scan data. Tests can also be created in anticipation of planning future engagements, or for manually entered security findings requiring tracking and remediation.

### **Test Types**

DefectDojo supports two categories of Test Types:

1. **Parser-based Test Types**: These correspond to specific security scanners that produce output in formats like XML, JSON, or CSV. When importing scan results, DefectDojo uses specialized parsers to convert the scanner output into Findings.

2. **Non-parser Test Types**: These are used for manually created findings not imported from a scan files.
The following Test Types appear in the "Scan Type" dropdown when creating a new test, but will not appear when selecting "Import Scan":
* API Test
* Static Check
* Pen Test
* Web Application Test
* Security Research
* Threat Modeling
* Manual Code Review

Non-parser Test Types should be used when you need to manually create findings that require remediation but don't originate from automated scanner output.

#### **How do Tests interact with each other?**

Expand Down Expand Up @@ -163,4 +181,4 @@ Scan data generally will contain references to the hosts or endpoints affected b
Examples:
- https://www.example.com
- https://www.example.com:8080/products
- 192.168.0.36
- 192.168.0.36