getmitigationinfo.do

The getmitigationinfo.do call retrieves all action information for listed flaws in the specified build.

Before using this API, Veracode strongly recommends that you read API usage and access guidelines. Ensure you access the APIs with the domain for your region.

REST API equivalent

The REST API equivalent of this call is a GET to /appsec/v2/applications/{application_guid}/findings?include_annot=true using the Findings API. For new integrations, always use the REST APIs.

Resource URL

https://analysiscenter.veracode.com/api/getmitigationinfo.do

Parameters

| Name | Type | Description |
| --- | --- | --- |
| build_id (required) | Integer | ID of the latest build. |
| flaw_id_list (required) | String | Comma-separated list of flaw IDs. Find flaw IDs on the Triage Flaws page in the Veracode Platform or in the issueid fields returned by the Detailed Report API. |

HTTPie example

Examples use the HTTPie command-line tool.

http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/getmitigationinfo.do" "build_id==<build id>" "flaw_id_list==2,3,7,20,25"

HTTPie results

The getmitigationinfo.do call returns the mitigationinfo XML document, which references the mitigationinfo.xsd schema file. You can use the XSD schema file to validate the XML data.

<mitigationinfo xmlns:xsi="http&#x3a;&#x2f;&#x2f;www.w3.org&#x2f;2001&#x2f;XMLSchema-instance"
xmlns="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;mitigationinfo&#x2f;1.0"
xsi:schemaLocation="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;mitigationinfo&#x2f;1.0
https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;resource&#x2f;mitigationinfo.xsd" mitigationinfo_version="1.1"
build_id="<build id>">
<issue flaw_id="2" category="Exposure of Private Information ('Privacy Violation')">
<mitigation_action action="appdesign" desc="Mitigate by Design" reviewer="VendorTechnique : M1 : Establish and maintain
control over all of your inputs
Specifics : Specifics comment added by vendor.
Remaining Risk : Remaining Risk comment added by vendor.
Verification : Verification comment added by vendor."/>
<mitigation_action action="deviates" desc="Deviates from Guidelines" reviewer="Veracode" date="2017-01-20 02:29:32"
comment="Deviates comment added by internal admin."/>
</issue>
<issue flaw_id="3" category="Exposure of Private Information ('Privacy Violation')">
<mitigation_action action="appdesign" desc="Mitigate by Design" reviewer="VendorTechnique : M1 : Establish and maintain
control over all of your inputs
Specifics : Specifics comment added by vendor.
Remaining Risk : Remaining Risk comment added by vendor.
Verification : Verification comment added by vendor."/>
<mitigation_action action="conforms" desc="Conforms to Guidelines" reviewer="Veracode" date="2017-01-20 02:29:07"
comment="Conform comment added by internal admin."/>
</issue>
<issue flaw_id="20" category="Process Control"/>
<issue flaw_id="25" category="Missing Release of Memory after Effective Lifetime"/>
<issue flaw_id="7" category="Authorization Bypass Through User-Controlled Key">
<mitigation_action action="appdesign" desc="Mitigate by Design" reviewer="<Veracodeuserid>" date="2019-09-17 12&#x3a;16&#x3a;48"
comment="Test mitigation details."/>
</issue>
</mitigationinfo>
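
The following Python is an added example, not part of the Veracode documentation. It parses a mitigationinfo response, including the character-reference-encoded namespace, and lists flaws whose proposed mitigation has no review outcome yet. The function names, the status labels "unmitigated" and "proposed", the sample values, and the rule that the last mitigation_action element is the most recent are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace URI as seen by the parser once &#x3a; and &#x2f; are decoded.
NS = {"m": "https://analysiscenter.veracode.com/schema/mitigationinfo/1.0"}
REVIEW_ACTIONS = {"conforms", "deviates"}  # review outcomes shown on this page

# Constructed sample: build_id, reviewers, dates and comments are made up.
SAMPLE = """<mitigationinfo mitigationinfo_version="1.1" build_id="12345"
  xmlns="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;mitigationinfo&#x2f;1.0">
 <issue flaw_id="2" category="Exposure of Private Information ('Privacy Violation')">
  <mitigation_action action="appdesign" desc="Mitigate by Design" reviewer="dev1" date="2017-01-19 10:00:00" comment="Proposed."/>
  <mitigation_action action="deviates" desc="Deviates from Guidelines" reviewer="Veracode" date="2017-01-20 02:29:32" comment="Deviates."/>
 </issue>
 <issue flaw_id="20" category="Process Control"/>
 <issue flaw_id="7" category="Authorization Bypass Through User-Controlled Key">
  <mitigation_action action="appdesign" desc="Mitigate by Design" reviewer="dev2" date="2019-09-17 12&#x3a;16&#x3a;48" comment="Test."/>
 </issue>
</mitigationinfo>"""


def summarize(xml_text):
    """Map flaw_id -> category, action history and a derived status label."""
    if "<!DOCTYPE" in xml_text:  # the response needs no DTD; refuse one
        raise ValueError("unexpected DOCTYPE in API response")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}mitigationinfo" % NS["m"]:
        raise ValueError("not a mitigationinfo document: %s" % root.tag)
    summary = {}
    for issue in root.findall("m:issue", NS):
        actions = [a.get("action") for a in issue.findall("m:mitigation_action", NS)]
        if not actions:
            status = "unmitigated"
        elif actions[-1] in REVIEW_ACTIONS:  # assumption: last element is newest
            status = actions[-1]
        else:
            status = "proposed"
        summary[int(issue.get("flaw_id"))] = {
            "category": issue.get("category"), "actions": actions, "status": status}
    return summary


def awaiting_review(summary):
    """Flaw IDs with a proposed mitigation that has no review outcome yet."""
    return sorted(fid for fid, info in summary.items() if info["status"] == "proposed")


if __name__ == "__main__":
    for fid, info in sorted(summarize(SAMPLE).items()):
        print(fid, info["status"], info["actions"])
```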