You can accept or reject proposed mitigations on the Mitigated Flaws page for both internally developed and third-party applications.
Before you begin:
You must have the Mitigation Approver role to accept or reject proposed mitigations.
To complete this task:
- From the Applications page in the Veracode Platform, select Show All Applications with Mitigations.
- From the list of applications, select View at the end of the row to see a list of the proposed, accepted, or rejected mitigations for the flaws that Veracode discovered in that application.
- Use the Filter field to sort the flaws by ID, severity, and CWE ID.
- If you have access to the source code file for the flaw, browse to its location and load it. As on the Triage Flaws page, the source code file is not uploaded to the Veracode Platform; the browser only opens it for viewing.
- Select the Comments tab to view any comments or mitigations for the flaw.
- When you have reviewed the details of the flaw, select Accept, Reject, or Comment.
- Enter a comment (2048 characters or fewer) to explain your action, then select Check in Flaw.
A user with the Mitigation Approver role who has access to your application can also check back in a flaw that you have checked out.