Mitigate flaws using the Triage Flaws page
After an Upload and Scan or Dynamic Analysis is complete, use the Triage Flaws page in the Veracode Platform to review and prioritize all the discovered flaws in detail.
The Triage Flaws page doesn't support flaws from Veracode Pipeline Scan or vulnerabilities from Veracode SCA.
You can sort the flaws and decide whether to take mitigation actions on any of them. A mitigation does not change the finding itself; it records a compensating factor, such as a change to operating system features, the network implementation, or the application design, that addresses the flaw until the code is fixed.
After you flag a flaw as mitigated, users in your organization with the Mitigation Approver role can accept or reject the proposed mitigation.
Accepting a mitigated flaw removes it from the application score calculation and from the determination of the application's policy status, so an approver should confirm that the mitigating factor actually applies before accepting it. The mitigating factors are included in the application report.
Mitigation workflow
The mitigation workflow for the Triage Flaws page involves:
- Review the flaws with your team
- Comment on flaws and track comments from other team members
- Propose mitigating factors for flaws
- Accept or reject proposed mitigations
- View mitigated flaws in reports
Veracode automatically applies mitigation actions (comments, proposals, acceptances, and rejections) to all matched flaws within the application, including copies of the flaw that exist in other sandboxes and in the latest policy scan.