A user with the Mitigation Approver role can accept or reject proposed mitigations from the Triage Flaws page of your application. To see a list of proposed mitigations, in the Search field, select Mitigation and then = Mitigation Proposed. To view all mitigations except the type you selected, click the equals icon again.
Note: You can only use the Triage Flaws page to accept mitigations for internally developed applications. To accept mitigations for third-party applications, use the Mitigated Flaws page.
To complete this task:
- On the Triage Flaws page, select the checkbox in the Id column to check out the flaw. The green lock icon appears in the column.
- Click the arrow next to the checkbox to expand the details for the flaw.
- From the Action menu in the details, select Mitigation Accepted or Mitigation Rejected.
- In the Comments field next to the Action menu, enter the reasoning for your decision. You cannot save your action without entering comments.
- Click Save. Saving your action also checks the flaw back in.
You can delete mitigation comments if the mitigation is not yet accepted or rejected. To delete a mitigation comment, select the checkbox next to the flaw to check it out, and then click the trash can icon next to the comment you want to delete.
Note: A user with the Mitigation Approver role who has access to your application can also check in a flaw that you have checked out.