Skip to main content
Curtail

Why ReGrade

Your tests validate what you expect. ReGrade detects what you don't — by comparing real traffic across versions field by field. It doesn't replace the testing you already do; it catches what that testing structurally can't.

ApproachWhat it verifiesWhat it can't seeHow ReGrade complements it
Unit & integration testsThe specific behaviors you wrote assertions for.Behavior you never thought to assert on — the unknown unknowns.Compares entire responses field by field, so unexpected differences surface without a written assertion.
Contract testingThat two services still agree on an API schema.Changes that stay within the contract — wrong values, side effects, a field that shouldn't be there.Compares the actual response content across versions, not just its shape.
Snapshot testingThat an output still matches a previously recorded snapshot.Anything you didn't snapshot; snapshots are brittle and hand-curated.Replays real traffic and maps expected noise (tokens, timestamps) automatically, so only real diffs remain.
DAST & scannersKnown vulnerability classes from a signature or CVE list.Novel, app-specific flaws that have no signature yet.Found a real password-hash leak (CVE-2023-5968) with zero prior knowledge, from traffic alone.
Manual QAWhatever a human thinks to click through, with real judgment.Everything, repeatably — it doesn't scale and isn't deterministic.Turns every recorded request into a repeatable, automated behavioral check.

Additive, not a replacement. Keep your tests — ReGrade grades every real request against a known-good version and surfaces the differences no one wrote a check for.