Back to guides

GUIDE / manual

Smoke vs Sanity vs Regression Testing

Compare smoke vs sanity vs regression testing with definitions, checklists, when to run each, release strategy tips, and common mistakes to avoid.

By The Testing AcademyPublished July 9, 2026Updated July 9, 202616 min read

If you are comparing smoke vs sanity vs regression testing, you are usually trying to answer a release timing question: what do we run now, what do we run later, and what is enough confidence for this build? These three testing types are related, but they solve different problems. Smoke testing asks whether the build is testable. Sanity testing asks whether a focused change looks right. Regression testing asks whether existing behavior still holds after change.

This guide defines each type clearly, shows side by side differences, gives practical checklists, explains sequencing in Agile and CI, and covers common mistakes that waste hours or ship broken builds. You will get language you can use in standups, test plans, and interviews.

Quick Definitions

Smoke Testing

Smoke testing is a short set of critical checks run on a new build to decide whether the build is stable enough for further testing. If smoke fails, deeper testing is usually blocked. The name comes from hardware testing: power it on and see if it smokes.

Smoke testing is broad and shallow. It covers the most important paths lightly, not every rule in detail.

Sanity Testing

Sanity testing is a focused check of a specific fix, feature slice, or narrow area after a change. It verifies that the change appears to work and that nearby critical behavior is not obviously broken. Sanity is narrow and relatively deep for that slice, not a tour of the whole product.

Regression Testing

Regression testing verifies that previously working behavior still works after code, config, data, or environment changes. It protects against unintended side effects. Regression can be large or risk based, manual or automated, and is usually broader than sanity.

Smoke vs Sanity vs Regression Testing Compared

DimensionSmoke testingSanity testingRegression testing
Main questionIs this build testable?Does this change look correct?Did old behavior break?
ScopeBroad critical pathsNarrow changed areaWide existing behavior
DepthShallowMedium on a small areaMedium to deep by risk
WhenEvery new buildAfter fixes or small changesBefore release, after major changes
Suite sizeVery smallSmallMedium to large
Fail impactReject or rebuildRework the changeFix regressions before release
OwnershipOften QA + CI gateFeature tester or assigneeTeam quality process
Automation fitExcellentGood for stable fixesHigh value for stable cores

If you remember only one row, remember the main question. The suite design follows from that question.

Why Teams Confuse These Terms

Teams confuse them because all three can look like "a quick check" in casual conversation. Someone says "just smoke it" when they mean a quick sanity around a bug. Someone labels a 400 case suite as smoke because it runs in CI. Someone calls every retest regression.

Confusion has cost:

  • Testers spend a day on a build that could not even log in.
  • A "full regression" is skipped because people think sanity already covered everything.
  • CI becomes noisy because a huge suite is mislabeled as smoke and flakes block every merge.
  • Release notes claim regression completed when only a few happy paths were clicked.

Shared definitions keep planning honest. Put them in your test strategy so each release plan can reference the same language.

Smoke Testing in Depth

Purpose

Smoke testing is a build acceptance gate. It protects tester time and pipeline trust. A failed smoke should stop the line early.

What Good Smoke Coverage Looks Like

A practical smoke testing checklist for build acceptance often includes:

  1. Build deploys or installs successfully.
  2. Application launches without fatal errors.
  3. Users can authenticate with a known test account.
  4. Primary navigation loads.
  5. One critical create flow works.
  6. One critical read or search flow works.
  7. One critical update or state change works if central to the product.
  8. Core dependency health looks acceptable (API up, basic page render, essential service reachable).
  9. No obvious data corruption message on the home path.
  10. Logout or session end works if security critical.

E-commerce example smoke:

  • Home page loads.
  • Search returns products.
  • Add to cart works.
  • Checkout page opens.
  • Login works.
  • Order history page opens for a known user.

Banking example smoke:

  • Login works.
  • Account summary loads.
  • Fund transfer page opens.
  • Recent transactions load.
  • Logout works.

Smoke Design Rules

  • Keep it short. If smoke takes hours, it is not smoke.
  • Keep it stable. Flaky smoke destroys trust.
  • Keep it critical. Vanity pages do not belong here.
  • Keep expected results objective.
  • Prefer automation for the repeated core.

Sample Smoke Suite Table

IDCheckExpected resultPriority
SMK-01Deploy health endpointReturns healthy statusBlocker
SMK-02Login with valid userDashboard loadsBlocker
SMK-03Open main list pageData or empty state rendersBlocker
SMK-04Create a core recordRecord saved and visibleBlocker
SMK-05Open record detailDetail renders without errorHigh
SMK-06LogoutSession clearedHigh

When Smoke Should Fail the Build

Fail smoke when:

  • App does not start.
  • Login is impossible for valid users.
  • Critical create or pay path is completely broken.
  • Data layer errors block all core screens.
  • Environment is clearly misconfigured for the build under test.

Do not fail smoke for minor visual polish on a rarely used settings page. That belongs elsewhere.

Sanity Testing in Depth

Purpose

Sanity testing validates that a recent change is coherent enough to continue. It is common after bug fixes, small enhancements, config changes, and hotfixes.

Sanity Testing After Bug Fix

A strong sanity pass after a bug fix includes:

  1. Retest the original defect with the same steps, data, and environment class.
  2. Nearby positive path that uses the same module.
  3. Nearby negative path if the bug involved validation or permissions.
  4. One dependency check, such as a related API consumer or UI state.
  5. Basic build health, especially for hotfix branches.

Example: bug was "coupon can be applied twice after refresh."

Sanity set:

  • Apply coupon once, confirm single discount.
  • Refresh checkout, confirm discount not duplicated.
  • Remove coupon, confirm total restores.
  • Apply a different coupon if supported.
  • Complete a small order if payment path was touched.

That is sanity, not full commerce regression.

Sanity Is Not Ad Hoc Chaos

Sanity can be informal in timing, but it should not be random. Write a short charter or checklist for the change:

Sanity focus: password reset email expiry fix
Build: 2026.07.09.14
Checks:
1. Reset with fresh link succeeds.
2. Reset with expired link fails clearly.
3. Login with new password works.
4. Login with old password fails.
5. Request reset still sends email.
Out of scope: full auth security audit, SSO providers, mobile app parity

This keeps the work honest and reviewable.

When Sanity Is Enough

Sanity may be enough when:

  • The change is tightly scoped.
  • Risk is low to medium.
  • Automated regression already covers nearby critical paths.
  • Time is constrained and stakeholders accept residual risk.

Sanity is not enough when:

  • The change touches shared libraries, auth, payments, or data migrations.
  • Multiple modules consume the changed code.
  • There is weak automated coverage.
  • The release is customer visible and high impact.

Regression Testing in Depth

Purpose

Regression testing protects existing value. Software rarely fails only in the lines that changed. Side effects appear in shared components, cached data, feature flags, permissions, and forgotten integrations.

Types of Regression Scope

ScopeWhat it coversTypical use
Unit or component regressionCode-level checks near changeDeveloper CI
Targeted regressionFeatures related to the changeAfter feature work
Full regressionBroad product behaviorMajor releases, weak confidence
Risk based regressionHighest business and technical risk areasMost healthy teams
Automated nightly regressionStable high value suiteContinuous confidence

Healthy teams rarely run "everything manual" every time. They combine automation, risk based selection, and exploratory testing for unknown risks.

Building a Regression Testing Strategy for Releases

A practical regression testing strategy for releases answers:

  1. What must never break for this product?
  2. What changed in this release?
  3. What historically breaks?
  4. What is automated already?
  5. What needs human judgment?
  6. What is out of scope and accepted?

Suggested layers:

  • CI smoke on every build.
  • PR level checks for unit, API, and critical UI.
  • Targeted regression for touched modules during the sprint.
  • Release regression pack for business critical journeys.
  • Exploratory sessions on new risk surfaces.
  • Hotfix mini pack for emergency changes.

Regression Suite Maintenance

Regression dies when the suite becomes a junk drawer.

Maintain it by:

  • Adding cases for expensive escaped defects.
  • Removing obsolete flows.
  • Splitting flaky UI checks from reliable API checks.
  • Tagging cases by module, risk, and execution time.
  • Reviewing the pack each major release.

Connect suite updates to your software testing life cycle closure activities so learning becomes coverage.

Sequencing: What to Run When

Typical Build Flow

1. Deploy build
2. Smoke testing (gate)
3. If smoke fails -> reject build
4. If smoke passes -> feature testing + sanity around changes
5. Targeted regression for impacted areas
6. Broader regression near release
7. Final smoke on release candidate

Agile Sprint View

MomentBest fit
Local developer verificationUnit tests + tiny manual check
CI on pull requestAutomated smoke or critical path
Build drops to QASmoke
Story ready for testFeature tests + sanity
Bug fix returnsSanity around fix
Sprint end / release branchRisk based regression
Production hotfixSmoke + tight sanity + tiny regression

CI Example Thinking

  • Pipeline stage smoke: 5 to 20 minutes, hard gate.
  • Pipeline stage regression: longer, maybe nightly or pre-release.
  • Do not name a two hour suite "smoke." Names drive expectations.

Ownership and Communication

Who Runs What

TypeCommon owners
SmokeCI system + on-call QA or release engineer
SanityTester assigned to the ticket
RegressionQA team with dev support for automation

How to Report Results

Bad update:

"Tested the build. Looks fine."

Better update:

Build: 1.18.3
Smoke: PASS (6/6) in 12 minutes
Sanity on BUG-441: PASS (retest + 4 nearby checks)
Targeted regression payments: 18 pass, 1 blocked (sandbox bank timeout)
Open risk: payout report pending environment data refresh

Clear labels prevent stakeholders from mistaking sanity for full regression.

Manual vs Automated Split

SuiteAutomation guidance
SmokeAutomate as much as possible
SanityAutomate stable fix verifications over time; keep flexible manual checks for new uncertainty
RegressionAutomate high value stable paths; keep manual for usability, complex setup, and weak oracles

Automation does not replace judgment. It replaces repetitive confirmation so humans can investigate risk.

If you are still learning to turn flows into cases, use the guide on how to write test cases and tag each case as smoke, sanity candidate, or regression pack.

Worked Example: Release Week Decisions

Product: project management web app
Change set: new board filters, fix for comment mentions, dependency upgrade in notifications service.

Day 1: New build arrives

Run smoke:

  • Login
  • Open project
  • Create task
  • Open board
  • Basic notification bell loads

Result: PASS

Day 1-2: Feature and sanity work

  • Deep tests for board filters (feature testing)
  • Sanity for comment mentions fix
  • Light check that notifications still deliver for mention events

Day 3: Targeted regression

Because notifications service changed:

  • Mention notifications
  • Due date reminders
  • Assignment notifications
  • Email preference toggles
  • Unsubscribe path if shared code exists

Day 4: Release regression pack

  • Auth
  • Project CRUD
  • Board core journeys
  • Comments
  • Notifications
  • Permissions for private projects
  • Billing only if shared libraries touched (here, maybe skip if evidence shows isolation)

Day 5: Final RC smoke

Re-run smoke on the release candidate after final commits.

This sequence uses all three types without pretending they are the same activity.

Metrics That Help (and Metrics That Mislead)

Helpful:

  • Smoke pass rate by build.
  • Time to smoke signal.
  • Escaped defects in areas claimed as regression covered.
  • Flake rate of smoke automation.
  • Percent of critical journeys automated.

Misleading if used alone:

  • "1000 regression cases executed" without risk context.
  • Pass rate on a suite full of low value checks.
  • Counting sanity as full regression completion.

Quality reporting should describe risk covered, not only case counts.

Common Mistakes

Mistake 1: Oversized Smoke Suites

If smoke includes every admin setting, it stops being a gate and becomes a slow, flaky slog. Keep smoke ruthless and small.

Mistake 2: Calling Random Clicks Sanity

Sanity should still target the change. Random wandering is exploration, which is valuable, but different. Name it correctly.

Mistake 3: Skipping Smoke Because "CI Passed Unit Tests"

Unit tests can pass while routing, config, migrations, or frontend bundles are broken. Smoke validates the assembled build.

Mistake 4: Full Manual Regression Every Time by Habit

That approach does not scale. Use risk, automation, and change impact analysis. Full regression is a tool, not a personality trait.

Mistake 5: No Retest of the Original Bug

Sanity after a fix that never retests the original report is incomplete. Always reproduce the defect path first.

Mistake 6: Regression Without Maintenance

Ancient cases for removed features create noise and false confidence. Prune the suite.

Mistake 7: Same Suite Name, Different Meaning Across Teams

If Platform QA and Product QA use "smoke" differently, cross-team release trains suffer. Standardize definitions in writing.

Mistake 8: No Environment Truth

Smoke failures caused by shared staging data corruption are still failures, but they need environment diagnosis. Track environment health separately so engineering does not ignore real product defects hidden in noisy stages.

Checklists You Can Copy

Smoke Testing Checklist for Build Acceptance

[ ] Correct build version deployed
[ ] App launches
[ ] Auth works for standard role
[ ] Primary dashboard or home loads
[ ] One create action succeeds
[ ] One search or list action succeeds
[ ] Critical integration dependency responds
[ ] No blocker console or server error on main path
[ ] Logout or session end works if required
[ ] Result recorded with build ID and time

Sanity Checklist After Bug Fix

[ ] Original bug reproduced on previous behavior or accepted as documented
[ ] Fix verified with original steps and data
[ ] Nearby positive path checked
[ ] Nearby negative or permission path checked if relevant
[ ] One dependency or integration touchpoint checked
[ ] No obvious UI crash in the module
[ ] Ticket updated with evidence
[ ] Decision: ready for broader testing / ready for release / reopened

Release Regression Skeleton

[ ] Critical revenue or mission journeys
[ ] Auth and access control
[ ] Data integrity for core records
[ ] Top customer workflows from support history
[ ] Areas touched by this release
[ ] Areas with recent production incidents
[ ] Automated pack results reviewed, not only green badges
[ ] Known gaps and residual risks documented

Interview Style Clarity

If an interviewer asks for smoke vs sanity vs regression testing, answer in this order:

  1. One sentence definition each.
  2. Scope and depth contrast.
  3. When you run each.
  4. One concrete product example.
  5. How automation fits.

Example short answer:

Smoke is build acceptance on critical paths. Sanity is focused verification after a change. Regression checks whether old features still work. I smoke every build, sanity every fix, and regress based on risk before release, with automation carrying the stable core.

How This Fits Daily QA Work

  • Write cases with suite tags: smoke, regression, hotfix.
  • Keep smoke under a strict time budget.
  • After each serious production bug, decide whether a new regression case is required.
  • Use exploratory charters for uncertainty after smoke passes.
  • Never report "regression done" if you only finished sanity.

For hands-on practice, run a timed challenge in the QABattle arena: first list five smoke checks for a sample app, then list a sanity pack for a pretend bug fix, then list ten regression risks. Comparing those lists trains prioritization faster than memorizing definitions.

Final Practical Workflow

Use this decision tree on every build:

  1. Is there a new build? Run smoke first.
  2. Did smoke fail? Stop, report blockers, wait for a new build.
  3. Did smoke pass? Test the assigned changes.
  4. Was there a bug fix returned? Run sanity around that fix.
  5. Did the change touch shared or high risk areas? Expand into targeted regression.
  6. Is this a release candidate? Run the agreed regression strategy plus final smoke.
  7. Record what type of testing was done so stakeholders do not over-read the result.
  8. Feed escaped defects back into regression packs.
  9. Keep automation closest to smoke and stable regression cores.
  10. Review suite names and sizes every few sprints so language and practice stay aligned.

The goal is not to run every type every time with maximum ceremony. The goal is to choose the right confidence tool for the moment. When teams share clear definitions of smoke vs sanity vs regression testing, they waste less effort, reject bad builds faster, and release with fewer surprises.

FAQ

Questions testers ask

What is the difference between smoke testing and sanity testing?

Smoke testing checks whether a new build is stable enough for deeper testing. Sanity testing checks whether a specific fix or narrow change works as expected. Smoke is broad and shallow across critical paths. Sanity is narrow and deeper around the changed area.

Is sanity testing a subset of regression testing?

Sanity testing is often treated as a focused, shallow form of regression around a change, but it is not the full regression suite. Regression aims to protect wider existing behavior. Sanity asks whether this fix or feature slice looks correct enough to continue.

When do you run smoke tests vs regression tests?

Run smoke tests on every new build before investing serious test effort. Run regression tests before release, after major merges, or when risk to existing features is high. Smoke is a gate. Regression is broader confidence for change impact.

What should a smoke testing checklist include?

Include install or deploy success, app launch, login, critical create-read-update flows, core navigation, essential integrations, and no obvious blocker errors. Keep it short enough to run quickly and strict enough to reject broken builds.

When should you do sanity testing after a bug fix?

After a bug fix, run sanity around the fixed behavior, nearby related functions, and any dependency the fix touched. Confirm the defect is gone, no obvious side effect appears, and the build is still usable for broader testing or release candidates.

Can smoke and regression both be automated?

Yes. Smoke suites are excellent automation candidates because they are small, stable, and run often. Regression can be partly or largely automated, with manual and exploratory testing covering judgment-heavy risks automation misses.