You can accept or reject proposed mitigations in the Mitigated Flaws page for both internally developed and third-party applications.
Before you begin:
You must have the Mitigation Approver role to accept or reject proposed mitigations.
To complete this task:
- From the Applications page in the Veracode Platform, click Show All Applications with Mitigations.
- From the list of applications, click View at the end of the row to see a list of the proposed, accepted, or rejected mitigations for the flaws that Veracode discovered in that application.
- Use the Filter field to sort the flaws by ID, severity, and CWE ID.
- If you have access to the source code file for the flaw, browse to its location and load it. As in the Triage Flaws page, the source code file is not uploaded to the Veracode Platform but is simply opened by the browser for viewing.
- Click the Comments tab to view any comments or mitigations for the flaw.
- When you have reviewed the details of the flaw, click either Accept, Reject, or Comment.
- Enter a comment (2048 characters or fewer) to explain your action, then click Check in Flaw.