Skip to main content

Mitigation and Comments XML API

The Mitigation and Comments API enables you to integrate comments on findings and mitigation workflow tasks into IDEs and bug tracking systems.

You can mitigate a finding, accept or reject a mitigation action, or comment on a proposed mitigation. In addition, you can view all comments and mitigation actions any user has performed on a finding.

To learn about how to use the Mitigation and Comments API, see the tutorial.

REST API equivalent

The REST API equivalents of these calls are available with the Annotations API and the Findings API. Veracode strongly recommends that you use the REST APIs. For new integrations, always use the REST APIs.


  • An API service account with the Mitigation API role or a user account with one of these roles:
    • Reviewer or Security Lead: to view all actions performed on a finding, to submit proposed mitigations, or to comment on proposed mitigations.
    • Mitigation Approver and either Reviewer or Security Lead: to accept or reject proposed mitigations.
  • API credentials
  • HMAC authentication
  • Ensure you access the APIs with the domain for your region.