When you create, import, or upload vulnerabilities to Dradis, you can set the QA state of issues. You might want to set a manually created issue to a "Draft" state and a Nessus upload to "Ready for review", and then see at a glance where your vulnerabilities are in the process.
Blocks of content such as executive summaries, scopes, etc. can also have their QA state set, so you know which are still drafts in progress and which are ready to review or to publish. Several people working on issues at the same time? One person writing vulnerability descriptions while another is checking for false positives? No problem!
Leave inline comments directly on findings and content blocks inside Dradis. Reviewers can flag specific issues, ask questions, and request changes without leaving the app - and other users are notified about any comments on content they are mentioned in or subscribed to. An on-site tester can provide real-time feedback, a copywriter can ask a technical question on a specific finding, and the whole review thread stays attached to the content it refers to.
While reviewing, use next/previous controls in the QA sidebar to move through items quickly. After updating a QA state, Dradis takes you directly to the next item in your queue.
Use inline comments in your QA workflow. Rather than routing feedback through Slack or email threads, leave targeted comments directly on the finding or content block being reviewed.
Fewer roundtrips between draft and done. The whole review conversation lives where the work is.
Export your reviewed and published content as it becomes ready, making sure that items in the drafting or review stages are left out. If management wants a preview of everything found so far, you can publish everything, and if you are using the Gateway, users or the client can see changes in real time and provide comments as they go.
Assign reviewer roles to control who has permission to publish. This ensures only approved team members can move content to the final stage, reducing the risk of accidental publication and maintaining review integrity.
Project cards include a summary of how many records are in each QA state—Draft, Ready for Review, or Published—so you can assess review progress at a glance.
View revision history directly from QA views. See exactly what changed, when it changed, and who made the update—including QA state changes.