SoftwareTestPilot
Software Testing FundamentalsPublished: 14 min read

Software Testing Life Cycle (STLC) — 6 Phases with Entry & Exit Criteria (2026 Guide)

The complete 2026 guide to the Software Testing Life Cycle (STLC): 6 phases explained with a full entry/exit criteria table, deliverables, activities, real-world example and STLC vs SDLC comparison. Written for QA freshers and working testers.

Avinash Kamble
Founder & QA Engineer at SoftwareTestPilot
Reviewed by Priyanka G.
Share:XLinkedInWhatsApp
Software Testing Life Cycle STLC 2026 — isometric circular diagram of the 6 phases from requirement analysis to test cycle closure
Software Testing Life Cycle STLC 2026 — isometric circular diagram of the 6 phases from requirement analysis to test cycle closure

What is the Software Testing Life Cycle (STLC)?

The Software Testing Life Cycle (STLC) is a defined sequence of six phases that QA teams follow to plan, design, execute and close testing on a release. Each phase has clear entry criteria (what must be ready before it starts), activities (what the team does), deliverables (what it produces) and exit criteria (what must be true before moving on).

STLC runs alongside the SDLC, but it is not a subset of development — it is its own discipline. The six phases are: 1 Requirement Analysis → 2 Test Planning → 3 Test Case Design → 4 Test Environment Setup → 5 Test Execution → 6 Test Cycle Closure. This guide walks through each phase with a full entry/exit criteria table, a real-world example, STLC vs SDLC comparison and the interview answers you need for freshers, 3-year and senior rounds.

The 6 phases of STLC at a glance

Software Testing Life Cycle STLC diagram — 6 phases arranged in a circular flow from Requirement Analysis to Test Cycle Closure
The STLC as a continuous loop — closure feedback drives the next release cycle.

STLC is iterative, not linear. In agile teams the whole cycle repeats every sprint (2 weeks). In waterfall or regulated releases it may run once per quarter. Either way, the six phases and their gates stay the same.

STLC entry & exit criteria table (featured snippet)

The single table every QA engineer should be able to reproduce in an interview — activities, deliverables and the exact gates between phases:

#PhaseEntry criteriaKey activitiesDeliverablesExit criteria
1Requirement AnalysisBusiness requirements available; project scope defined; stakeholders identifiedStudy requirements; identify testable requirements; list automation candidates; clarify with BA/devRTM (Requirements Traceability Matrix) draft; list of questionsRequirements reviewed & understood; testable requirements identified; RTM baselined
2Test PlanningRequirements baselined; scope of testing defined; risks identifiedDefine scope, approach, tools, environments; estimate effort; identify risks; build scheduleTest Plan document; test strategy; effort estimation; risk logTest plan approved; test strategy defined; resources and schedule confirmed
3Test Case DesignTest plan approved; requirements baselined; test design guidelines availableWrite test cases & scenarios; create test data; peer review; update RTMTest cases; test scripts; test data sets; RTM v2Test cases designed & reviewed; test data prepared; cases baselined
4Test Environment SetupEnvironment requirements defined; hardware/software available; access and configuration details readyProvision servers, DBs, test data; install tools; configure integrations; run smoke on the envEnvironment ready-for-test report; smoke results; test data loadedEnvironment is ready; tools installed and configured; environment smoke passed
5Test ExecutionTest cases baselined; test environment ready; test data available; build deployedExecute test cases; log defects; retest fixes; run regression; report statusTest execution report; defect log; RTM v3 (with status)All planned test cases executed; defects logged, triaged and re-tested; execution status reported
6Test Cycle ClosureTest execution completed; defects triaged; exit criteria definedVerify exit criteria; hold closure meeting; capture lessons learned; publish test summary reportTest summary report; test metrics; lessons learned; archived artefactsExit criteria met; test summary report published; lessons learned documented
Infographic showing all 6 STLC phases with entry and exit criteria for each phase in a horizontal card layout
STLC phases with entry & exit criteria — save or print as an A3 reference.

Phase 1 — Requirement Analysis

The QA team studies the requirements (business, functional and non-functional) as soon as they are baselined by the BA. The goal is not to test yet — it is to understand what to test and question what cannot be tested.

Activities

  • Read the SRS / user stories / acceptance criteria line by line.
  • Identify testable vs non-testable requirements (a requirement is testable only if you can write a pass/fail check for it).
  • Flag ambiguities, contradictions and missing NFRs (performance targets, security expectations, WCAG level).
  • Draft the Requirements Traceability Matrix (RTM) — every requirement mapped to one or more test cases.
  • List candidate features for automation (see types of software testing to decide which type covers which requirement).

Deliverables

  • Draft RTM
  • List of clarification questions for BA/dev
  • Automation feasibility notes

Real example: for a “login with Google OAuth” story, testable items include success, cancelled consent, revoked token, blocked account, and session persistence — all of which land as rows in the RTM before a single test case is written.

Phase 2 — Test Planning

The test lead owns this phase. The output is the Test Plan — the single document that binds scope, approach, resources and schedule together.

Activities

  • Define in-scope and out-of-scope features (out-of-scope is often more valuable than in-scope).
  • Choose test levels (unit, integration, system, UAT) and test types (smoke, regression, performance, security, accessibility).
  • Pick tools (Playwright, Selenium, Postman, k6, axe-core — see the tool matrix in types of software testing).
  • Estimate effort and resource allocation; produce a Gantt or sprint plan.
  • Identify risks and mitigation (e.g. “third-party API sandbox may be flaky — plan mock server”).
  • Define entry and exit criteria for each phase and for the release itself.

Deliverables

  • Test Plan (IEEE 829 or lightweight equivalent)
  • Test Strategy
  • Effort estimation
  • Risk log

The IEEE 829 test plan template is a solid starting point — see the IEEE standards catalogue. Most modern teams use a trimmed version in Confluence or Notion.

Phase 3 — Test Case Design

Now the team writes the actual test cases and prepares test data. Every case is peer reviewed before baseline.

Activities

  • Design test cases using techniques like Equivalence Partitioning, Boundary Value Analysis, Decision Tables and State Transition (covered in the what is software testing pillar).
  • Prepare positive, negative and edge cases.
  • Create test data — synthetic where possible, anonymised where needed. See test data management for automation.
  • Write automation scripts for regression candidates.
  • Peer review; update RTM so every requirement has ≥1 test case.

Deliverables

  • Test cases (in TestRail, Zephyr, Xray or a spreadsheet)
  • Automation scripts
  • Test data sets
  • Updated RTM (v2)

Tip for interviews: for a login page, teams typically write 40–60 test cases across UI, functional, validation, security, session, accessibility and performance — see our login page test cases guide.

Phase 4 — Test Environment Setup

Often run in parallel with Phase 3 by a DevOps or SRE partner. Nothing else in STLC works if the environment is wrong.

Activities

  • Provision servers, DBs, message queues and caches to match production topology as closely as possible.
  • Deploy the build under test.
  • Load anonymised or synthetic test data (from Phase 3).
  • Install and configure test tools (Playwright, k6, ZAP, axe).
  • Wire integrations to external systems or mocks (WireMock, MSW, Mockoon).
  • Run a smoke test on the environment itself before opening it to the wider QA team.

Deliverables

  • Environment ready-for-test report
  • Smoke results
  • Access credentials matrix

In 2026 most teams provision test environments as code — Terraform + GitHub Actions or Argo. That makes tear-down / rebuild for every sprint a 5-minute pipeline instead of a two-day ticket.

Phase 5 — Test Execution

The most visible phase — where cases actually run against the build.

Activities

  • Execute the test cases (manual + automated) in priority order — P0 smoke first, then P1 functional, then P2 regression, then non-functional.
  • Log defects with clear repro steps, severity, priority, environment and evidence (screenshots, HAR, videos).
  • Retest fixes and run regression around the fix area.
  • Update RTM v3 with pass / fail / blocked status.
  • Publish daily status reports — number of cases executed, pass rate, defects opened / closed, blockers.

Deliverables

  • Test execution report
  • Defect log
  • Updated RTM (v3)
  • Daily status emails / dashboards

A modern rule: if your automated regression pack takes longer than 30 minutes, split it and parallelise — developers stop waiting on suites longer than that (see CI/CD pipeline testing).

Phase 6 — Test Cycle Closure

The phase most teams skip — and pay for the next release. Closure is where you convert a completed test cycle into organisational learning.

Activities

  • Verify all release exit criteria are met (usually: 100% P0/P1 test cases executed, 0 open Sev-1 defects, coverage > agreed threshold, non-functional targets met).
  • Hold a closure meeting with dev, PM, QA, SRE.
  • Capture lessons learned: what slowed us, what flaked, what to automate next.
  • Publish the Test Summary Report — test cases executed, pass rate, defect density, defect leakage, time to fix.
  • Archive artefacts (test cases, defects, environment configs) for audit and next release.

Deliverables

  • Test Summary Report
  • Test metrics dashboard
  • Lessons-learned document
  • Archived RTM (final)

STLC vs SDLC — how they line up

AspectSDLC (Software Development Life Cycle)STLC (Software Testing Life Cycle)
FocusBuilding the productVerifying the product
OwnerDevelopment teamQA / test team
PhasesRequirements → Design → Coding → Testing → Deployment → MaintenanceRequirement Analysis → Planning → Design → Env Setup → Execution → Closure
TriggerBusiness idea / user needBaselined requirements
Key artefactWorking softwareTest Plan + RTM + Test Summary Report
RelationshipParent lifecycleRuns in parallel with SDLC testing phase, but has its own gates

STLC is not the testing phase of SDLC — it starts as soon as requirements are baselined, well before code is written. This is exactly what “shift-left testing” means in practice.

STLC in agile and DevOps — does it still apply?

Yes — with three modifications:

  1. The whole cycle compresses into a sprint. Requirement analysis happens at backlog refinement, planning at sprint planning, design and env setup during the first 2–3 days, execution across the sprint, closure at sprint review + retro.
  2. Automation moves earlier. Test cases and scripts are written alongside code (or before, in TDD/BDD — see BDD with Cucumber).
  3. Environments are ephemeral. Every PR gets a preview environment; the “Test Environment Setup” phase becomes a pipeline stage, not a project.

The six phases are still there — they just run continuously instead of once per release. Teams that skip a phase (usually closure) accumulate technical debt that surfaces as regression pain 3–4 sprints later.

Worked example — STLC for an e-commerce checkout feature

Concrete run-through of a 2-week sprint that adds “Buy Now Pay Later” to checkout:

  • Day 1 (Requirement Analysis): QA reviews the 4 user stories, drafts RTM with 24 requirements, flags “refund flow not specified” back to PM.
  • Day 1–2 (Test Planning): Lead QA writes a lightweight test plan — scope = new BNPL widget + regression around checkout; tools = Playwright + Postman + axe; risks = 3rd-party sandbox rate limit.
  • Day 2–5 (Test Case Design): 48 functional cases, 12 API cases, 8 accessibility checks, 6 security checks written and reviewed. Playwright scripts added to the repo alongside the feature branch.
  • Day 3–4 (Environment Setup): DevOps spins a preview env with a mocked BNPL sandbox; smoke passes.
  • Day 6–9 (Execution): All cases run on each merge to the feature branch; 11 defects logged, 9 fixed & retested, 2 deferred to next sprint with PM sign-off.
  • Day 10 (Closure): Exit criteria checked (100% P0/P1 executed, 0 open Sev-1, WCAG AA on new widget, k6 shows p95 < 400ms). Test summary published; retro captures “automate BNPL sandbox reset in setup script”.

STLC in QA interviews — the answers that get you hired

“Explain STLC” is a top-5 opening question in every QA interview. Structure your answer in this order:

  1. One-line definition of STLC.
  2. Name the six phases in order.
  3. For each phase, give the entry criterion, main activity and exit criterion (the table above).
  4. Contrast STLC with SDLC to prove you understand the gates.
  5. Add an agile / DevOps angle to prove you are current.

Practice this out loud with our AI Mock Interview, then run the level-specific banks: freshers, 3 years' experience, senior. Related interview drills: Selenium, Playwright, API testing, SQL.

Frequently asked questions

1.What is STLC in software testing?
STLC (Software Testing Life Cycle) is a defined sequence of six phases — Requirement Analysis, Test Planning, Test Case Design, Test Environment Setup, Test Execution and Test Cycle Closure — that QA teams follow to plan, design, execute and close testing on a release. Each phase has explicit entry criteria, activities, deliverables and exit criteria.
2.How many phases are there in STLC?
Six phases: (1) Requirement Analysis, (2) Test Planning, (3) Test Case Design, (4) Test Environment Setup, (5) Test Execution and (6) Test Cycle Closure. Some older sources list five by merging environment setup into planning, but modern QA practice treats it as a separate gated phase.
3.What are entry and exit criteria in STLC?
Entry criteria are the conditions that must be true before a phase can start (e.g. baselined requirements before test planning). Exit criteria are the conditions that must be true before a phase can end (e.g. all P0/P1 test cases executed and 0 open Sev-1 defects before closure). They are the gates that keep phases from bleeding into each other.
4.What is the difference between STLC and SDLC?
SDLC (Software Development Life Cycle) is the parent lifecycle for building the product — owned by developers. STLC is the parallel lifecycle for verifying the product — owned by QA. STLC starts as soon as requirements are baselined, not just during the SDLC 'testing phase' — that is what shift-left testing means in practice.
5.Which document is produced in the Test Planning phase of STLC?
The Test Plan (often based on IEEE 829). It defines scope, approach, tools, environments, effort estimation, schedule, risks, entry/exit criteria and roles. Alongside it, the team produces a Test Strategy and a risk log.
6.Who is responsible for writing the Test Plan in STLC?
The Test Lead or QA Manager owns the Test Plan. Individual test engineers contribute effort estimates and technical inputs, and dev leads / architects review it for feasibility, but a single accountable owner is critical for sign-off.
7.Does STLC apply to agile and DevOps?
Yes — the six phases still apply, they just compress into a sprint and repeat continuously. Requirement analysis happens at backlog refinement, planning at sprint planning, design and environment setup during the first days of the sprint, execution across the sprint, and closure at sprint review + retro.
8.What is RTM in STLC?
RTM (Requirements Traceability Matrix) is a table mapping every requirement to one or more test cases, and later to their execution status and defects. It is drafted in Phase 1 (Requirement Analysis), baselined in Phase 3 (Test Case Design) and updated with results in Phase 5 (Test Execution).
9.What are typical exit criteria for a release under STLC?
Common release exit criteria: 100% of P0 and P1 test cases executed, 0 open Severity-1 defects, agreed-upon coverage threshold met, all non-functional targets (performance, security, WCAG) met, and sign-off from PM, dev lead and QA lead. Exact thresholds are defined in the Test Plan.
10.How do I explain STLC in a QA interview?
One-line definition first, then name the six phases in order, then for each phase give the entry criterion, main activity and exit criterion (use the table in this guide). Finish by contrasting STLC with SDLC and adding an agile / DevOps angle to prove you are current. Practice out loud with an AI mock interview tool for instant feedback.
Keep going

Practice these questions

Run a live QA mock interview tailored to this topic and get per-skill scoring in minutes.

Found this useful?
Share:XLinkedInWhatsApp

Was this article helpful?

Keep building your QA edge

Continue reading

Join the QA Community

Connect with fellow testers, share job leads, and get career advice.

Premium QA Resources

Stop Reinventing the Wheel. Upgrade Your QA Arsenal.

Take your testing skills from beginner to Lead Engineer. Supercharge your daily workflow with our premium digital resources.

  • Ready-to-use testing strategy templates
  • Advanced API & UI automation guides
  • ⏱️ Save 10+ hours a week on test planning
4.9/5 rating
Explore All Products

⭐⭐⭐⭐⭐ Trusted by 1,000+ Software Test Pilots • Instant Access