Sprint QA Checklist: What to Test Before Every Release

Written By  Crosscheck Team

Content Team

May 8, 2025 12 minutes

Sprint QA Checklist: What to Test Before Every Release

Sprint QA Checklist: What to Test Before Every Release

Every sprint ends the same way: the feature is built, the pull requests are merged, and the team is looking at a release window. What happens in the hours between "code complete" and "deployed to production" determines whether users experience a smooth update or a frustrating regression.

A sprint QA checklist is not a replacement for continuous testing throughout the sprint. It is the final systematic pass — the structured set of verifications that happen after development is done and before the release goes live. Done well, it is the difference between a confident deployment and a nervous one.

This checklist covers six critical areas: new feature verification, regression testing, integration checks, deployment verification, and rollback readiness. It is designed to be adapted — trim it for small patch releases, run the full version before major milestones.

Before You Start: Pre-Checklist Setup

A checklist is only useful if everyone knows what they are testing and where. Before the team begins the release QA pass, align on a few essentials.

Environment and build

  • The staging environment mirrors the production configuration — same environment variables, same feature flags, same third-party credentials (in sandbox mode)
  • The release build that will be deployed to production is the exact build being tested — not a local dev build or a previous staging deployment
  • All database migrations that accompany this release have been applied to staging
  • Seed or fixture data reflects realistic production data volumes and edge case scenarios
  • Every team member running QA knows which tickets, features, and bug fixes are included in this release

Coordination

  • A release scope document or sprint summary is available — testers should not be guessing what changed
  • The release window is agreed upon: who deploys, at what time, who is on call immediately after
  • A communication channel is active for the QA session — testers can flag issues immediately without waiting for standup
  • Any known pre-existing issues are documented so they are not reported as regressions

1. New Feature Verification

New features are the highest-priority section of the sprint QA checklist. This is what the sprint delivered, and it must work as specified before anything else is validated.

Acceptance criteria review

  • Every feature in the sprint has its acceptance criteria documented and available
  • Each acceptance criterion has been tested and either passes or has a documented exception
  • Edge cases identified during development have been explicitly tested — not assumed to work
  • The feature behaves correctly for all user roles that should have access to it
  • The feature correctly denies access to user roles that should not have access to it

Happy path testing

  • The primary use case for each new feature works end to end without errors
  • All UI states — loading, empty, populated, error — are implemented and render correctly
  • New UI components match the design specifications: layout, typography, color, and spacing
  • Interactive elements (buttons, forms, toggles, modals) respond correctly to all input types
  • Confirmation dialogs appear where required and honor both the confirm and cancel actions

Edge case and boundary testing

  • Input fields handle minimum values, maximum values, and values at the boundary
  • Required fields enforce validation; optional fields do not block submission when empty
  • Long strings and unusual characters (accented characters, emoji, special symbols) do not break layouts or cause server errors
  • Features that depend on time or date behave correctly around boundaries: midnight, month-end, year-end, daylight saving transitions
  • Features that depend on user-generated content handle the absence of that content gracefully

Cross-device and cross-browser

  • New features are tested in at least Chrome, Firefox, and Safari
  • New UI is tested at mobile, tablet, and desktop viewport sizes
  • Touch interactions on mobile devices (tap, swipe, pinch) work where applicable
  • No layout regressions on viewports the team did not actively design for

2. Regression Testing

Regression testing is the most frequently skipped part of pre-release QA — and the most frequent source of production incidents. Every code change risks breaking something that was already working. The goal of regression testing is to verify that the release did not silently break existing functionality.

Core application flows

  • User registration and login work end to end for all supported authentication methods
  • Password reset completes successfully and the new password is accepted on the first attempt
  • The primary user journey — the sequence of steps that defines core product value — completes without errors
  • Account settings: users can update their profile, change their password, and manage notification preferences
  • Logout invalidates the session and redirects to the correct post-logout destination

Critical business flows

  • Purchase or subscription flows complete end to end in sandbox/test mode
  • Any workflow that processes or transmits user data behaves correctly and does not produce duplicate records
  • Search and filtering return correct results; no results state is handled; pagination is accurate
  • File uploads and downloads work for all supported file types and sizes
  • Any scheduled or automated jobs (emails, reports, webhooks) trigger at the correct time with the correct payload

Features adjacent to what changed

  • Any feature that shares a database table, API endpoint, or UI component with a modified feature has been retested
  • Shared utility functions, helper libraries, or common components that were touched have been verified in every context they appear
  • Navigation items, breadcrumbs, and links that reference or route to modified pages have been verified
  • Any feature controlled by a feature flag has been verified in both the enabled and disabled state

Console and network hygiene

  • No new JavaScript errors appear in the browser console on any tested page
  • No new 400 or 500 errors appear in the network tab during normal user flows
  • No new deprecation warnings or unexpected console warnings have been introduced
  • Response payloads from APIs match the expected structure — no missing fields, no unexpected nulls

3. Integration Checks

Modern applications do not exist in isolation. They depend on third-party services, internal APIs, webhooks, and data pipelines. Integration checks verify that everything the application connects to still works correctly after the release changes.

API and backend integrations

  • All internal API calls in the release scope return the expected status codes and response shapes
  • Authentication tokens and API keys used by integrations are valid and not expired
  • Any new API endpoints introduced in this sprint are tested for both success and error responses
  • Pagination, filtering, and sorting on API endpoints behave correctly with the new code deployed to staging
  • Rate limits on external APIs have been accounted for in the implementation — no untested high-frequency call patterns

Third-party services

  • Payment gateway: test mode transactions complete; failure responses are handled correctly
  • Email delivery: transactional emails trigger correctly, arrive in inbox (not spam), and render properly in Gmail, Outlook, and Apple Mail
  • OAuth and SSO: all configured login providers complete the authorization flow without error
  • Analytics: key events (page views, conversions, feature interactions) fire and appear in the analytics dashboard
  • Any CDN or media storage service: uploaded assets are accessible at the expected URL; cached assets have not been stale-served

Webhooks and event-driven flows

  • Inbound webhooks from connected services are received, parsed, and produce the correct application state
  • Outbound webhooks fire at the correct trigger points and include the correct payload
  • Failed webhook deliveries are retried or queued correctly — no silent drops
  • Event-driven background jobs complete successfully and within expected time windows

Data integrity

  • No duplicate records are created by any user action or automated job in the release
  • Foreign key relationships and data associations are maintained correctly after any schema changes
  • Data that is displayed in the UI matches what is stored in the database — no caching artifacts showing stale data
  • Any data migration included in this release has run completely and the output is verified against a sample of records

4. Deployment Verification

Deployment verification is what happens immediately after the release goes to production. It is a targeted smoke test to confirm the deployment succeeded and that the production environment is behaving as expected.

Immediate post-deployment checks

  • The application loads without errors on production — HTTP 200, no 503 or 502 responses
  • The correct version of the application is running — verify via version number, build hash, or a known new UI element
  • All database migrations have applied successfully — verify via migration status in the deployment log or admin panel
  • Environment variables and secrets are correctly configured in production — no "undefined" values surfacing in UI or logs
  • Static assets (CSS, JavaScript, images) are loading from the correct CDN or storage location

Core flow smoke test (production)

  • Login works with a real test account (not a staging-only account)
  • The primary user journey completes end to end
  • At least one new feature introduced in this sprint is verified to function correctly in production
  • No JavaScript errors appear in the browser console during the smoke test flows
  • Response times on the primary pages are within expected ranges — no latency spike introduced by the deployment

Infrastructure and monitoring

  • Error tracking (Sentry, Datadog, Bugsnag, or equivalent) shows no new error spike immediately post-deployment
  • Application performance monitoring shows response times and throughput in normal ranges
  • Server and container health checks are green — no instances failing liveness or readiness probes
  • Background job queues are processing normally — no growing backlog
  • Log output from the application shows expected patterns — no repeated exceptions or warnings flooding the logs

5. Rollback Readiness

Rollback readiness is not pessimism — it is professionalism. Every release carries risk. Having a clear, pre-tested rollback plan means that if something goes wrong in production, the team responds in minutes instead of hours.

Before deploying

  • The rollback procedure is documented and available to everyone on the release team
  • The previous stable release artifact (build, Docker image, or equivalent) is tagged and accessible
  • Any database migrations in this release have been reviewed for reversibility — an irreversible migration requires extra scrutiny before deployment
  • If the migration is not safely reversible, a forward-fix plan is documented before the release window opens
  • The team agrees on the criteria that will trigger a rollback decision — do not define this under pressure

Rollback execution readiness

  • The person responsible for executing a rollback has the access and permissions required
  • The rollback has been tested in a non-production environment at least once — a plan that has never been practiced is not a plan
  • Communication templates for user-facing incidents are drafted and ready to send
  • The team knows who makes the rollback decision, who executes it, and who handles external communications

Post-rollback verification

  • If a rollback is executed, the smoke test checklist is run again against the rolled-back version
  • The incident is logged with a timeline, root cause hypothesis, and next steps
  • The failed release is not retried until the root cause is identified and the fix is confirmed in staging

6. Release Sign-Off

A clear sign-off process ensures the release is a deliberate decision, not an assumption. No feature should go to production without explicit confirmation that QA has completed.

Sign-off checklist

  • All items in the new feature verification section have been tested and passed or have a documented exception with owner sign-off
  • All regression tests have been completed; any new regressions found have been triaged — critical regressions block the release
  • All integration checks have passed or have a documented acceptable variance
  • Deployment verification has been completed in staging
  • Rollback readiness has been confirmed
  • Any bugs found during QA are filed, prioritized, and triaged — the team has agreed on which must be fixed before release and which can ship
  • The release has a designated owner who is accountable for production health in the hour immediately following deployment

Adapting the Checklist by Release Type

Not every release warrants the same level of scrutiny. Here is how to scale this checklist to the size and risk of the release.

Major release (new product area, significant architecture changes): Run the full checklist. Dedicate a QA session of two to four hours depending on scope. Assign sections to different testers. Consider a staged rollout rather than a single full deployment.

Standard sprint release (new features, bug fixes): Run the full new feature verification and regression sections. Run targeted integration checks for the services touched by the sprint. Complete deployment verification and rollback readiness in full.

Patch or hotfix release: Run a targeted regression test for the area affected by the patch. Run the full deployment verification and rollback readiness sections. Hotfixes are often deployed under pressure — the checklist enforces discipline exactly when it is hardest to maintain.

Configuration or infrastructure change with no code changes: Skip new feature verification. Run core flow smoke tests. Focus on deployment verification and infrastructure monitoring.

Documenting What You Find

A checklist that produces no record of what was tested and what was found is not a testing artifact — it is a ritual. The value of a sprint QA checklist multiplies when the results are documented and accessible.

At a minimum, record: which items were tested, which passed, which failed, what bugs were filed, and the final release decision. Spreadsheets, your project management tool, or a shared document all work. What matters is that the record exists and that it is visible to the release owner and the engineering team.

Bug reports filed during the QA session need to be complete enough for a developer to act on without follow-up. That means: a clear title, steps to reproduce, expected versus actual behavior, severity, environment details, browser version, and any supporting evidence — console logs, network request payloads, and screenshots.

How Crosscheck Fits Into Your Sprint QA Workflow

The hardest part of working through a sprint QA checklist is not running the tests — it is documenting what you find fast enough to keep pace with the testing session. When you find a bug midway through the regression section, pausing to open DevTools, screenshot the console, copy network request details, and write up a coherent bug report costs time and breaks your focus.

Crosscheck is a browser extension that eliminates that friction. The moment you find a bug while working through your checklist, Crosscheck has already captured everything a developer needs to fix it: a screenshot, a session replay of the steps leading up to the issue, the full browser console log, every network request and response, and your environment details. You add a title, mark the severity, and the report goes directly to Jira or ClickUp — fully populated, without manual copy-pasting.

For sprint QA specifically, Crosscheck's instant replay feature is particularly valuable during regression testing. When a regression surfaces, you can share a replayable recording of the failure with the developer, so they see exactly what happened without a back-and-forth conversation about reproduction steps.

Teams using Crosscheck report that the time from bug found to bug filed drops significantly — which means more bugs get documented during the QA session rather than slipping through because the tester ran out of time before the release window.

Try Crosscheck free and see how much faster your sprint QA cycle moves when capturing bugs takes seconds instead of minutes.

The Bottom Line

A sprint QA checklist is not bureaucracy. It is the structured answer to a question every team faces before every release: are we confident this is ready to ship?

The six sections in this checklist — new feature verification, regression testing, integration checks, deployment verification, and rollback readiness — cover the full risk surface of a sprint release. They catch the things that familiarity bias misses, the regressions that only appear when features are combined, and the infrastructure issues that only surface under production conditions.

Adapt the checklist to your release size. Document your results. Agree on your rollback criteria before you deploy. And make sure every bug you find during the session is filed with enough detail that a developer can act on it immediately.

The goal is not a perfect release — it is a confident one, with a clear plan for what happens if something goes wrong.

Related Articles

From Bug Reporter to Quality Advocate: The Future of QA Roles
Industry Trends & Thought Leadership

From Bug Reporter to Quality Advocate: The Future of QA Roles

Crosscheck Team
March 31, 202511 minutes
The QA Skills Gap: Why 50% of Organizations Can't Find Qualified Testers
Industry Trends & Thought Leadership

The QA Skills Gap: Why 50% of Organizations Can't Find Qualified Testers

Crosscheck Team
April 3, 202511 minutes
Flaky Tests Are Killing Your Team's Productivity: Here's How to Fix Them
Industry Trends & Thought Leadership

Flaky Tests Are Killing Your Team's Productivity: Here's How to Fix Them

Crosscheck Team
April 7, 202511 minutes
Contact us
to find out how this model can streamline your business!
Crosscheck Logo
Crosscheck Logo
Crosscheck Logo

Speed up bug reporting by 50% and
make it twice as effortless.

Overall rating: 5/5