Manage comments on flaws
Use the Triage Flaws page in the Veracode Platform to add and track comments on flaws.
On the Triage Flaws page in the Veracode Platform, you can see comments, mitigation descriptions, and potential false positive reports made by other team members for each flaw. All actions display the ID of the user who left the feedback and the date and time the user performed the action.
Comment on flaws
When you comment on a flaw, other team members can review the comment, so you can share your opinion and suggest possible remediation methods, work assignments, and other shared ideas. User comments are not exported in scan reports, so you can treat the comments as a private working area while you and your team remediate flaws.
To complete this task:
- On the Triage Flaws page, select the empty checkbox in the Id column to check out the flaw. A green lock icon appears in the column.
- Select the arrow next to the checkbox to expand the details for the flaw.
- In the Action field, select Comment from the dropdown menu.
- Enter your comment in as much detail as possible, and select Save. Saving your action also checks the flaw back in.
A user with the Mitigation Approver role who has access to your application can also check back in a flaw that you have checked out.
Track comments from multiple reviewers
You can add a comment to a flaw that other team members can review, such as notes about possible remediation methods, work assignments, and other shared information. Because the Triage Flaws page does not export user comments to reports, the team can treat the comments as a private working area while they remediate flaws.
To complete this task:
- Select the flaw on the Triage Flaws page.
- Select Comment from the Action list, if you did not already select it.
- Enter a comment, up to 1024 characters, in the comment text field and select Save.
- Check the flaw back in.
Review mitigation activities of other users
You can see the comments, mitigation descriptions, and potential false positive notes that other users have added for each flaw. All activities are saved to the list of past actions for the flaw, along with the ID of the user who made the change and the time when the action was taken.