GUIDE / manual
Bug Report Template: How to Write a Great Defect Report
Learn how to write a bug report with a clear template, steps to reproduce, severity vs priority, expected vs actual results, and examples developers trust.
Developers fix what they can reproduce; adjectives and urgency labels alone do not ship patches. How to write a bug report that gets fixed focuses on what failed, where, exact steps, expected vs actual, and why it matters, so the defect does not die in "cannot reproduce" ping pong.
This guide gives you a practical bug report template, field by field instructions, severity versus priority guidance, before and after examples, evidence tips, and common mistakes. You can use it in Jira, Linear, Azure DevOps, GitHub Issues, or a spreadsheet.
What Is a Bug Report?
A bug report, also called a defect report, is a structured record of observed incorrect behavior in software. It documents the conditions, steps, expected result, actual result, impact, and evidence needed to investigate and fix the issue.
A bug report is different from a test case. A test case defines how to verify expected behavior. A bug report records a failure found during that verification or during exploration. If you need both skills, pair this guide with how to write test cases.
A bug report is also different from a vague complaint. "Checkout is broken" is a signal. A bug report turns that signal into an actionable engineering artifact.
Why Bug Report Quality Matters
High quality reports:
- Reduce time to first useful developer action.
- Improve fix accuracy on the first attempt.
- Create a searchable history of product risk.
- Support release decisions with real evidence.
- Teach the team where tests and requirements are weak.
Low quality reports:
- Generate "need more info" loops.
- Get closed as cannot reproduce.
- Hide multiple bugs inside one ticket.
- Inflate defect counts without improving quality.
- Damage trust between QA and engineering.
In many teams, the difference between a junior and senior tester shows up first in defect communication.
Bug Report Template with Steps to Reproduce
Use this template as your default.
Title:
ID / Key:
Product / Module:
Environment:
Build / Version:
Browser / Device / OS:
URL / Screen / API endpoint:
User role:
Severity:
Priority:
Status:
Summary:
Preconditions:
Test data:
Steps to reproduce:
1.
2.
3.
Expected result:
Actual result:
Impact:
Workaround:
Attachments / evidence:
Related stories / requirements / tests:
Notes / questions:
Copy Friendly Minimal Version
If your tracker has custom fields, still ensure these exist somewhere in the body:
Title:
Environment + build:
Steps:
Expected:
Actual:
Evidence:
Severity / priority:
Field by Field: How to Write Each Part
Title
The title is a search result and a triage headline. Make it specific.
Weak titles:
- Login issue
- Button not working
- Payment bug
- Weird error
Strong titles:
- Login shows 500 error when password contains trailing space
- Apply coupon button remains disabled after valid code entry on mobile Safari
- Invoice PDF exports previous order totals after customer switches account
A good pattern:
[Where] [what fails] [under what condition]
Summary
One or two sentences that restate the failure and impact.
Example:
On checkout with a valid SAVE20 coupon, refreshing the page duplicates the discount and undercharges the order. This can create revenue loss and incorrect order totals.
Environment
Bugs often depend on environment. Include:
- Test, staging, production, or local.
- Build number or commit.
- Browser and version.
- OS and device.
- Feature flags if known.
- Region, locale, or timezone when relevant.
- API environment or tenant.
Example:
Environment: Staging
Build: web-1.18.3-rc.2
Browser: Chrome 126
OS: macOS 14.5
Role: Buyer
Flag: checkout_v2 = on
Preconditions
State what must already be true.
Examples:
- User is logged in as a verified buyer.
- Cart contains one eligible item.
- Coupon SAVE20 is active and unused for this user.
- Wallet balance is 0.
Missing preconditions are a top cause of cannot reproduce.
Test Data
Include the exact values that matter. Mask secrets, but do not hide the structure of the data.
Good:
User: buyer.reload@example.com
Product: SKU-114 (in stock)
Coupon: SAVE20
Payment method: Test card 4242
Avoid:
Use a normal user and some coupon.
Steps to Reproduce
Numbered steps. Observable actions. No mind reading.
Weak steps:
1. Go to checkout
2. Try coupon
3. See bug
Strong steps:
1. Log in as buyer.reload@example.com.
2. Add SKU-114 to the cart.
3. Open checkout.
4. Enter coupon code SAVE20 and apply it.
5. Confirm the discount shows 20 percent once.
6. Refresh the browser page.
7. Observe the order summary discount and payable total.
If the bug is intermittent, say so and include approximate frequency, timing, or race conditions you noticed.
Expected Result vs Actual Result
This pair is the heart of the report. Write both explicitly.
Expected result describes correct product behavior according to requirements, design, or reasonable user expectation when requirements are silent.
Actual result describes what the software did.
Weak:
Expected: works
Actual: does not work
Strong:
Expected result:
- Coupon remains applied once after refresh.
- Discount amount stays 20 percent of eligible subtotal.
- Payable total does not decrease again.
Actual result:
- After refresh, discount lines appear twice.
- Payable total is reduced by 40 percent.
- Order review page shows duplicated coupon row.
Learning how to write clear expected vs actual results prevents arguments about whether something is "really a bug."
Impact
Impact explains why someone should care.
Examples:
- Users cannot complete purchase.
- Admin can view another tenant's invoices.
- Report totals are wrong for finance export.
- Accessibility: keyboard users cannot dismiss modal.
- Data loss: unsaved draft disappears without warning.
Impact connects technical failure to product risk.
Severity vs Priority in Defect Reporting
Teams often mix these fields. Keep them distinct.
| Field | Meaning | Decided mainly by |
|---|---|---|
| Severity | How bad the technical or user impact is | QA observation + product risk |
| Priority | How soon it should be fixed | Product + engineering + release context |
Examples:
| Scenario | Severity | Priority |
|---|---|---|
| Checkout crash for all users | Critical | P0 now |
| Rare UI misalignment on old browser | Low | P3 later |
| Wrong company logo on launch landing page day before campaign | Minor functionally | P0 or P1 business priority |
| Security IDOR on invoices | Critical | P0 |
| Typo in deep help article | Trivial | Low |
Suggested severity scale:
- Critical / Blocker: crash, data loss, security breach, main flow completely blocked.
- Major / High: major feature broken with no practical workaround.
- Medium: important feature impaired, workaround exists.
- Low / Minor: limited impact, cosmetic or edge issue.
- Trivial: polish nits with negligible user harm.
Priority labels vary by tool (P0-P3, High-Low). Align with team definitions and do not invent personal scales mid-release.
Evidence
Attach what shortens investigation:
- Screenshots with the failure visible.
- Screen recordings for interaction bugs.
- HAR files or network logs for API failures.
- Console errors.
- Server correlation IDs if available.
- Database or response payloads in staging, redacted as needed.
- Comparison screenshot of expected design when visual.
Name files usefully:
checkout-duplicate-coupon-after-refresh.mp4
invoice-idor-userA-sees-userB.png
Workaround
If users or testers can bypass the issue, document it. Workarounds affect priority and support guidance.
Example:
Workaround: do not refresh checkout after applying a coupon. Completing payment in the same page load charges the correct amount.
Related Links
Link to:
- User story or requirement.
- Figma or design.
- Test case ID.
- Previous related defects.
- Pull request if already suspected.
Traceability helps fix verification and future regression design.
Defect, Bug, and Failure: Practical Language
You will hear these terms used loosely.
- Failure: the system behaved incorrectly during observation.
- Defect / bug: the underlying flaw that caused or can cause failures.
- Error: often used for human mistakes in code or requirements, depending on the textbook.
In daily work, write clearly about observed behavior first. Terminology debates do not fix production. Still, knowing the distinctions helps in interviews and process docs inside the software testing life cycle.
How to Write a Bug Report Developers Will Act On
Rule 1: Make It Reproducible
If you can reproduce it, write the shortest reliable path. If you cannot reproduce it consistently, say that and provide patterns:
Intermittent: failed 3 of 10 attempts
Appears more often on slow 3G throttling
First noticed after enabling checkout_v2 flag
Rule 2: Report One Problem per Ticket
Do not combine unrelated issues:
- Coupon duplication
- Footer typo
- Dark mode contrast problem
Those are three tickets or one ticket plus linked nits, depending on process. Mixed tickets create partial fixes and messy retests.
Rule 3: Separate Facts from Interpretation
Facts:
API returned 500 with request ID abc-123 after submit.
Interpretation:
Maybe the payment service is down because of yesterday's deploy.
Both can be useful, but label hypotheses as notes, not as proven root cause.
Rule 4: Use Product Language for Impact
Developers can inspect stack traces. They still need product context:
Customers paying with saved cards cannot complete orders on mobile Chrome. This blocks mobile revenue.
Rule 5: Be Respectful and Specific
Avoid:
Dev clearly did not test this at all.
Prefer:
Valid card payment fails on mobile Chrome 126 with a 500 after Pay click. Desktop Chrome succeeds with same user and card.
Tone does not replace rigor, but bad tone slows collaboration.
Full Example: Weak vs Strong Bug Report
Weak Report
Title: Payment broken
Steps: try to pay
Expected: success
Actual: error
This will bounce.
Strong Report
Title: Saved card checkout returns 500 on mobile Chrome when CVV is empty by design
Environment: Staging, build web-1.18.3-rc.2
Browser/Device: Chrome 126 on Pixel 7, Android 14
Role: Returning buyer with one saved Visa
Preconditions:
- User has a saved card on file
- Cart has SKU-114
- Feature flag saved_cards_v2 is enabled
Steps to reproduce:
1. Log in as buyer.savedcard@example.com.
2. Add SKU-114 to cart and open checkout.
3. Select the saved Visa ending 4242.
4. Leave CVV blank if the field is shown, or proceed if CVV is not requested.
5. Tap Pay now.
6. Observe the result and network response.
Expected result:
- Payment either completes successfully for a vaulted card flow that does not require CVV, or the UI blocks submit with a clear CVV required message.
- No unhandled 500 error.
- User sees a recoverable state.
Actual result:
- UI shows generic "Something went wrong".
- Network tab shows POST /api/payments/charge -> 500.
- Request ID: pay_9f3c2a.
- User remains on checkout with cart intact.
Impact:
- Returning mobile users cannot complete purchase with saved cards.
- Potential mobile conversion loss.
Severity: Critical
Priority: P0
Evidence: screenshot + HAR + 15s screen recording attached
Related: story PAY-221, test case TC-PAY-014
The strong report is longer, but it saves multiple conversation cycles.
Special Bug Types and How to Report Them
Visual Bugs
Include viewport size, browser, and expected design reference. Mark if it is cosmetic only or if it hides functionality.
Data Bugs
Include record IDs, before and after values, and whether refresh or re-login changes the result.
Permission Bugs
Include both roles used, exact resource IDs, and whether horizontal or vertical privilege is involved. Security issues may need private handling.
Performance Bugs
Include timing measurements, environment load conditions, and whether the issue is lab only or user visible. Avoid "feels slow" without numbers when possible.
List page took 9.8s to become interactive on staging with 20k projects for this tenant.
Expected under current SLO: under 3s for this dataset size.
Intermittent Bugs
Capture frequency, logs, and any correlation with concurrency, cache, or network. Do not overclaim certainty.
Regression Bugs
State what used to work, when it last worked if known, and whether a recent deploy or feature flag correlates. This helps bisect.
Lifecycle of a Bug After You File It
Typical flow:
- New / open
- Triaged (severity, priority, owner)
- In progress
- Fixed / ready for retest
- Verified or reopened
- Closed
Your job after filing:
- Answer clarification quickly.
- Retest on the build that claims the fix.
- Add a regression test case when the risk deserves it.
- Close with evidence, not hope.
For suite placement after fixes, see smoke vs sanity vs regression testing. Many fixes need a sanity retest plus a long term regression case.
Writing Bugs Found in Exploratory Testing
Exploratory sessions produce notes first, tickets second. During a session, capture raw observations quickly. After the session, convert solid failures into clean reports.
Session note:
11:20 checkout refresh doubled coupon, total wrong, screenshot 4
Ticket later: full template with polished steps.
Do not file twenty half-written thoughts as defects. File confirmed issues and keep questions in session notes. More on that craft in the exploratory testing guide.
Bug Report Review Checklist
Before you click Create:
- Title is searchable and specific.
- One issue only.
- Environment and build are present.
- Preconditions and data are enough to start.
- Steps are numbered and complete.
- Expected and actual are both explicit.
- Impact is clear.
- Severity is justified by impact.
- Priority suggestion matches release context if you provide one.
- Evidence is attached and readable.
- Secrets are redacted.
- Related story or test links are included when known.
- Intermittent nature is stated if applicable.
- Tone is professional.
Common Mistakes When Writing Bug Reports
Mistake 1: Vague Titles and No Actual Result
If the title is "issue" and the body says "not working," nobody can triage well.
Mistake 2: Missing Environment Details
Many defects exist only with a flag, role, browser, or tenant. Omit those and you invite cannot reproduce.
Mistake 3: Expected Result Copied as Wishful Thinking
Expected results should map to requirements or agreed behavior. If requirements are silent, say what you assumed and ask for product confirmation.
Mistake 4: Steps That Start in the Middle
"Click save again" is useless without the path to the screen and the data already entered.
Mistake 5: Severity Inflation
Marking every bug critical trains teams to ignore severity. Protect critical for true blockers and severe harm.
Mistake 6: Logging Opinions as Facts
"This is ugly" may be valid UX feedback, but design feedback and functional defects should be labeled clearly.
Mistake 7: No Evidence for UI or Timing Issues
A short recording can replace five paragraphs. Attach it.
Mistake 8: Closing Without Retest Notes
When verifying a fix, write what build you tested and what you checked. Future readers need that trail.
Team Conventions That Improve Defect Quality
- Shared severity definitions in the wiki.
- Required template fields in the tracker.
- Example of a great report pinned for new hires.
- Private security defect path.
- Tagging for
regression,blocker,data-loss,security. - Weekly triage so tickets do not rot.
Templates do not replace thinking, but they prevent avoidable omissions.
Collaboration Patterns That Speed Up Fixes
During Triage
Join triage with facts ready:
- Can we reproduce on latest build?
- Is there a workaround?
- Who is affected (all users, one role, one browser)?
- Did this start after a known deploy?
If you cannot attend triage, put those answers in the ticket so decisions do not wait on you.
During Investigation
Developers may ask for more logs or a narrower reproduction. Respond with updated steps rather than rewriting history silently. Add a comment:
Update: reproduced on build 1.18.4 as well.
Narrowed steps: refresh is not required if the user opens checkout in two tabs and applies the coupon in both.
New evidence: recording-2.mp4 attached.
During Retest
When a fix returns:
- Deploy or select the build that claims the fix.
- Run the original steps exactly.
- Run at least one nearby path if the fix was risky.
- Record pass or reopen with fresh evidence.
- Link any new regression case you added.
Retest comments should include build ID. "Looks good" without a build is weak history.
Writing Bugs for APIs and Backend Failures
UI is not the only place defects appear. For API issues:
Title: POST /api/orders returns 500 when shippingCountry is IN and cart has mixed tax categories
Environment: staging API gateway
Auth: bearer token for buyer role
Request:
method: POST
path: /api/orders
body: { ...minimal failing payload... }
Expected: 201 with order id, or 422 with validation details if business rule forbids mix
Actual: 500 with request id ord_41af
Impact: checkout cannot complete for mixed tax carts in India
Include headers that matter (content type, auth style), minimize the payload, and never paste production secrets.
Accessibility Defects Deserve Clear Structure
Accessibility bugs are real product defects. Write them with the same rigor:
Title: Checkout pay button is not keyboard reachable when promo drawer is open
Steps:
1. Open checkout with keyboard only.
2. Open promo code drawer with Enter on the promo control.
3. Attempt to Tab to Pay now.
Expected: Pay now remains reachable or drawer manages focus with a clear close action and returns focus.
Actual: Focus cycles inside drawer controls only; Esc does not close; mouse is required to pay.
Impact: Keyboard users cannot complete purchase when promo UI is open.
Severity: High
Evidence: screen recording with focus outlines visible
Mention assistive tech only when you used it (for example NVDA). Do not guess screen reader behavior you did not observe.
Templates for Different Trackers
Jira Style Fields Mapping
| Template field | Jira idea |
|---|---|
| Title | Summary |
| Steps / expected / actual | Description |
| Environment | Environment or custom fields |
| Severity | Severity |
| Priority | Priority |
| Evidence | Attachments |
| Story link | Issue links |
GitHub Issues Style
Use markdown headings in the body so scanners and humans can parse quickly:
### Summary
### Environment
### Steps to Reproduce
### Expected
### Actual
### Impact
### Evidence
Chat First, Ticket Second
If you report in Slack under pressure, still create the ticket within minutes. Chat scrolls away. Tickets become history, metrics, and release evidence.
How Bug Reports Feed Better Testing
Every serious defect is a signal about missing coverage. After verification, ask:
- Should a regression case exist?
- Should automation cover this path?
- Was the requirement unclear?
- Did environment gaps hide the issue earlier?
- Should smoke or sanity include a related check?
This closes the loop between defect reporting and prevention. Without that loop, teams only get faster at writing tickets for the same class of failures.
Practice Exercise
Take any public demo site and find one real issue or limitation. Write a full report using the template. Then rewrite the title three ways and pick the most searchable one. Compare your steps with a teammate: if they cannot reproduce from your text alone, strengthen preconditions and data.
Second drill: rewrite a weak historical ticket from your team (redact names) into the strong template. Measure how many questions disappear.
For timed practice with feedback loops, use a QABattle battle on the manual track. Convert one failed observation into a ticket quality report, not only a chatty note.
Final Practical Workflow
When you find a failure:
- Pause and preserve evidence.
- Reproduce at least once more when possible.
- Minimize the steps.
- Capture environment and data.
- Write title, expected, actual, and impact.
- Attach proof.
- Set severity carefully and suggest priority if your process expects it.
- Link requirements or tests.
- File the ticket and notify if it is a blocker.
- After the fix, retest, update the ticket, and add regression coverage when needed.
If you remember one line, remember this: a bug report is a reproducibility contract. The easier you make correct understanding and exact reproduction, the faster the product improves. That is the real skill behind how to write a bug report well, and it compounds across every release you touch.
FAQ
Questions testers ask
What are the key components of a good bug report?
A good bug report includes a clear title, environment, preconditions, steps to reproduce, expected result, actual result, evidence, severity, priority suggestion, and related identifiers such as build, URL, user role, or requirement. The goal is fast understanding and reliable reproduction.
How do you write a bug report that developers will act on?
Make the failure reproducible, specific, and scoped. Use exact data, numbered steps, clear expected versus actual results, and evidence. Avoid vague titles, mixed issues, and blame. State impact in product terms so developers can prioritize and investigate without guesswork.
What is the difference between a defect, bug, and failure?
In practice teams often use bug and defect interchangeably for a flaw in the product. A failure is the observed incorrect behavior during execution. The defect is the underlying issue in requirements, design, or code that caused the failure. Precise terms help, but clear reproduction matters more.
What is severity vs priority in defect reporting?
Severity describes the technical or user impact of the defect, such as crash, data loss, or minor UI issue. Priority describes when it should be fixed relative to business needs and release timing. A cosmetic error on the checkout brand logo can be low severity but high priority before launch.
How detailed should steps to reproduce be?
Detailed enough that another person can follow them without asking what you meant. Include starting state, role, data, and important UI or API actions. Skip tiny obvious clicks when they add noise, but never skip the conditions that make the bug appear.
Should every UI nit get a bug ticket?
Not always as a blocking defect. Track genuine product issues, but group pure polish nits when process allows, and separate feedback from defects when the behavior matches requirements. Still report anything that harms trust, accessibility, revenue, or security.
RELATED GUIDES
Continue the route
How to Write Test Cases: Complete Guide with Examples
Learn how to write test cases with practical steps, examples, a QA template, common mistakes, and review tips for reliable software coverage.
STLC: The 6 Phases of the Software Testing Life Cycle
Learn the software testing life cycle (STLC) phases with entry and exit criteria, Agile vs Waterfall tips, test closure activities, and practical examples.
Smoke vs Sanity vs Regression Testing
Compare smoke vs sanity vs regression testing with definitions, checklists, when to run each, release strategy tips, and common mistakes to avoid.
Exploratory Testing: Techniques, Charters, Session-Based Testing
Learn exploratory testing with charters, session-based test management (SBTM), Agile tips, note templates, examples, and how it differs from ad hoc testing.