Overview
The Test Library is your central hub for discovering and adding compliance tests to your program. When you first open the Test Library, you see a high-level overview that includes the total number of tests available, how many are already in use within your program, and how many are not yet in use.
Below this summary is a table that displays all available tests. Each row represents a test, with columns showing details such as test name, test description, category, rating, and last updated date. You can sort the table by any column or use the search bar to find a test.
You can identify which tests are active in your program by checking the action menu at the start of each row. If the menu is visible, it means there are active copies of this test template in your program. Use the menu to view and manage those active copies.
Key Concepts or Components
Filtering:
You can filter by usage (in use, not in use, or new), by rating (Essential or Recommended), or by category (for example, agent, identity, or infrastructure).
Filters are also available for framework mappings, requirements, and connections. Active and inactive connections are clearly indicated.
Once you select an infrastructure connection, you can also filter out by resources from that provider (e.g. AWS connection, you can filter by DB Instances as the resource).
Note: You can only add tests that have an active connection.
Legacy tests:
Some legacy tests remain active and usable but cannot be imported through the Test Library. These are marked with the message This test cannot be managed in Drata Library.
They remain visible for reference until they are migrated to the new autopilot system.
New tests:
Tests marked with a New label are the latest additions to the library.
Bulk actions:
You can select multiple tests and use the Add to Program button to assign them to a workspace.
You can add tests as Draft or Published.
Draft tests do not impact readiness.
Published tests run automatically and contribute to your compliance posture.
When adding tests, the system verifies whether they can be added based on active connections and whether they are manageable through the Test Library.
Use Cases / Best Practices
Test details page: Selecting a test opens its details page, where you find test instructions, mappings to specific controls, test logic, template mappings, and any active copies running in your tenant. You can review setup instructions to ensure the test runs correctly.
Feedback option: The setup instructions include a feedback option that applies only to the AI-generated guidance. This allows you to share whether the automatically generated setup instructions were helpful, helping Drata refine and improve instruction quality.Add test wizard: When you add a test, a wizard guides you through selecting the workspace. You can also customize the test name or description before adding it to your program. The wizard lets you set the test as Draft or Published and confirms successful addition. Once added, the test appears on the Monitoring page, where you can manage it going forward.
Rating: For the tests in the library, we worked with multiple audit partners to determine whether a test would be "essential" for an organization focused on the basics of SOC 2 criteria. Note: we still recommend you review the scope of the test to decide what's relevant to your compliance program. Working with your auditor early on can also help you determine the scope of what's relevant.
New tests: As part of the test library, we have included over 1000 new infrastructure tests across AWS, Azure, and GCP. You can view these by applying the "new" filter or filtering the list by connection. New tests that are imported also have AI test failure summaries enabled.Learn more about how Drata used AI and worked with our audit partners to create and review these tests here!
Custom tests: If your package includes custom tests, you can import the new infrastructure tests and edit their logic in Monitoring.
Prerequisites
Plan availability: All Plans.
RBAC roles: Admin, Guest Admin, Infosec, Devops, Control Manager, Act-as.
Workspace awareness: The Test Library is workspace-aware.