Using the Mitigation and Comments API

Veracode APIs

The Mitigation and Comments API enables you to integrate comments on findings and mitigation workflow tasks into IDEs and bug tracking systems.

You can mitigate a finding, accept or reject a mitigation action, or comment on a proposed mitigation. In addition, you can view all comments and mitigation actions any user has performed on a finding.

To learn about how to use the Mitigation and Comments API, read the tutorial.

REST API Equivalent

The REST API equivalents of these calls are available with the Annotations API and the Findings API. Veracode strongly recommends that you use the REST APIs. For new integrations, always use the REST APIs.


Before using the Mitigation and Comments API, you must meet the following prerequisites:
  • An API service account with the Mitigation API role or a user account with one of these roles:
    Reviewer or Security Lead
    To view all actions performed on a finding, to submit proposed mitigations, or to comment on proposed mitigations.
    Mitigation Approver and either Reviewer or Security Lead
    To accept or reject proposed mitigations.
  • Veracode API credentials.
  • Ensure you access the APIs with the domain for your region.