Bug Report Template (2026)
Modern defect record: reproducibility, telemetry, user impact, regression commit, CVSS, AI repro — covers Sentry/Replay-era investigations.
✓ Auto-saved to this browser · works offline · nothing leaves your device
What makes a 2026-grade bug report?
The classic ISTQB bug report — title, environment, steps, expected, actual, severity, priority — was designed for a world of monoliths, manual QA, and weekly releases. In 2026, with continuous delivery, distributed systems, and AI assistants, the cost of a vague bug report is higher than ever. A developer who has to reproduce blindly burns 30–60 minutes per bug. A bug report with a Sentry link cuts that to 2 minutes.
This template adds six fields that move the needle: reproducibility, user impact, telemetry / trace ID, regression-introduced commit, CVSS score, and an AI-generated reproduction script.
Reproducibility — why a single field beats a paragraph
Tracking reproducibility as a percentage (100%, 75%, 50%, 25%, one-off) gives triage instant signal. A 100% repro is a deterministic bug — usually a logic error. A 25% repro is a race condition, a network flake, or a state-dependent path. The fix strategy is different. Without the field, both look identical in the queue.
User Impact — the business lens
Severity describes the bug; user impact describes the consequence. "Critical / Sev-1" and "affects 3% of users with a workaround" produce different priority decisions than "Critical / Sev-1" and "blocks all signups, $40k/hr revenue impact." Including user impact lets product and engineering align on triage without a 30-minute meeting.
Telemetry / Trace ID — the unfair advantage
Sentry, LogRocket, Replay.io, Fullstory, Datadog APM — pick one. The trace ID or replay link drops the developer onto the exact failed request with stack trace, network calls, console output, and the user's action sequence. Investigation collapses from "reproduce, then debug" to "open link, read, fix." This single field has the highest ROI of any change in the modern bug report.
Regression-Introduced Commit — git bisect to the rescue
When a bug is a regression, the most valuable piece of information is the commit that introduced it. Use git bisect with an automated test or a manual repro to find it in O(log n) steps. Paste the commit SHA, the PR link, and a one-line summary. The developer who broke it gets the assignment; the fix lands in minutes. Without this field, the team spends days arguing about who owns the bug.
CVSS — for security bugs only
Use the NIST NVD CVSS 3.1 calculator to score security bugs. Paste the numeric score (e.g., 7.4 High) and the vector string. Security triage SLAs are usually keyed to CVSS: ≥ 9.0 means drop everything; 7.0–8.9 means fix this week; below 7.0 means scheduled. Without CVSS, security bugs get triaged by feeling instead of policy.
AI-Generated Reproduction Script
If you used Claude, ChatGPT, or another AI assistant to investigate the bug, paste the Playwright test, cURL command, or SQL query it generated. Even an imperfect repro is faster for the developer than no repro at all. This field is new in 2026 — it didn't exist in the ISTQB-era bug report because AI assistants didn't exist.
Common bug report mistakes
- Title that describes the symptom, not the bug — "Login broken" vs "Login redirects to /dashboard?error=invalid_token after valid OAuth callback"
- Steps that assume context — "Click the button" without saying which page, which button
- No expected vs actual separation — the developer has to guess what was supposed to happen
- Setting Priority = Severity automatically — they're independent dimensions
- Filing a bug without a Sentry / trace link when one is available — pure cost externalisation onto the developer
- Marking everything as "Critical" — destroys priority signal across the queue
Where to paste the Markdown export
Linear, GitHub Issues, GitLab Issues, Slack, Discord, Notion, Confluence, Obsidian — all accept Markdown directly. For Jira, paste into the description field; Jira will render most Markdown, and the new editor supports it natively. The Markdown structure is consistent regardless of destination — a 2026 bug report is portable by default.