Questionnaires
Questionnaires
Questionnaires provide a means for collecting information from developers and respective stakeholders. DefectDojo includes functionality to create new questionnaires with custom questions, open questionnaires to receive responses for certain time periods from insiders or outsiders, and connect questionnaires with new or existing engagements.
Creating a New Questionnaire
To access, create, or modify new/existing questionnaires, navigate to the All Questionnaires dashboard from the sidebar.
On the questionnaire dashboard, all existing questionnaires are displayed. To quickly find a questionnaire, the filters may be used to search for snippets within the questionnaire name and/or description, as well as by active/inactive status.
When questionnaires are open for responses, they will be displayed in the General Questionnaires block towards the bottom of the page.
To begin the process of creating a new questionnaire, select the Create Questionnaire button located in the top right of the questionnaire dashboard.
Questionnaires have a name and description, as well as an activity status, which are initially set on questionnaire creation, but can be modified in the future if necessary. Once these fields are filled in appropriately, the user can create the questionnaire without any questions (by selecting Create Questionnaire), or with questions (by selecting Create Questionnaire and Add Questions).
To add questions to a questionnaire, select the dropdown titled Select as many Questions as applicable, which will open all of the existing questions within DefectDojo. Once the desired questions are selected from the list, the dropdown can be closed, and the Update Questionnaire Questions can be selected to save the newly created questionnaire.
Note: New questions may also be added at the time of questionnaire creation by selecting the plus located next to the questions dropdown.
Creating New Questions
The questions dashboard displays all of the questions that may exist as part of questionnaires within DefectDojo. Similar to questionnaires, to quickly find a question, the filters may be used to search for optional status, or snippets within the question name and/or description. Two types of questions exist within DefectDojo questionnaires: Text Questions and Multiple Choice Questions. To add a new question, select the Create Question button located in the top right of the questions dashboard.
Adding Text Questions
To add a text question (open-ended), fill out the add question form, where:
- Type - The type of question being created, in this case Text.
- Order - The order of a question describes its position in a questionnaire relative to other questions (e.g., an order of 1 will put the question higher than a question with order 4).
- Optional - When the optional box is checked, a question will not be required in a questionnaire.
- Question Text - The text that is displayed to prompt a user for their answer (e.g. What is your favorite color?).
Adding Multiple Choice Questions
Similar to the process of adding a text question, choice questions (non-open-ended) allow the user to pick from a given list of choices. To add a choice question, fill out the add question form, where:
- Type - The type of question being created, in this case Choice.
- Order - The order of a question describes its position in a questionnaire relative to other questions (e.g., an order of 1 will put the question higher than a question with order 4).
- Optional - When the optional box is checked, a question will not be required in a questionnaire.
- Multichoice - When the multichoice box is checked, multiple choices from the list of choices may be selected by the user.
- Answer Choices - The possible answer choices that may be selected by a user.
Publishing a Questionnaire
Once a questionnaire has been successfully created, it can be published to accept responses. To publish a questionnaire, select the plus located to the right of General Questionnaires.
This will prompt for a specific questionnaire to be selected, as well as a date the questionnaire response window should close. The response window sets a due date for recipients. Once these two options have been selected, publish the questionnaire by selecting Add Questionnaire.
Once a questionnaire is published, a link to share it can be retrieved by selecting the Share Questionnaire action. To ensure the newly created questionnaire has been constructed as expected, open the share link and view the newly created questionnaire.
Unassigned Questionnaires
When a questionnaire’s response window has closed, all of the responses will be saved, and the questionnaire will be listed as an Unassigned Answered Engagement Questionnaire on the DefectDojo dashboard.
There are three actions that may be taken when a questionnaire’s response window has closed: View Responses, Create Engagement, and Assign User.
View Questionnaire Responses
To view the questionnaire responses, select the View Responses action. All of the responses from the questionnaire will be displayed.
Create an Engagement From a Questionnaire
To link the questionnaire to a product via an engagement, select the Create Engagement action. Once a product is selected from the dropdown, select Create Engagement. This will link the questionnaire results with a new engagement under the selected product, which can then be given specific details similar to other engagements in DefectDojo, such as Description, Version, Status, Tags, etc.
To view a questionnaire at the engagement level, navigate to the engagement linked with the desired questionnaire. Expand the Additional Features menu to reveal a Questionnaires dropdown, which will contain all of the linked questionnaires.
Assign a Questionnaire to a User
To assign a questionnaire to a user, select the Assign User action. This will prompt for a user to be selected from the dropdown of available users. Once a user is selected, assign the questionnaire to the specified user by selecting Assign Questionnaire.
Creating Questionnaires From Engagements
While questionnaires are commonly created from the questionnaire dashboard, they can also be created at the engagement level. To create a new questionnaire from within an engagement, expand the Additional Features dropdown to reveal the Questionnaires dropdown. In the right side header of the Questionnaires dropdown, select the plus to link a new questionnaire.
Once prompted, select a questionnaire from the available surveys list to link it with the engagement. If the user wishes to leave a response at the time of linking the questionnaire with the engagement, the Add Questionnaire and Repond option may be selected. To simply link the questionnaire with the engagement, select Add Questionnaire.
Anonymous Questionnaires
Questionnaires, by default, are only accessible by DefectDojo users. To allow outside responses to DefectDojo questionnaires, ensure the Allow Anonymous Survey Reponses option within the System Settings is selected. To share a questionnaire with anonymous users, use the questionnaire’s Share Link.
