Accept or reject mitigations from the Triage Flaws page

A user with the Mitigation Approver role can accept or reject proposed mitigations from the Triage Flaws page of your application. To see a list of proposed mitigations, in the Search field, select Mitigation and = Mitigation Proposed. To view all mitigations except the type you selected, select the equals icon again.


You can only use the Triage Flaws page to accept mitigations for internally developed applications. To accept mitigations for third-party applications, use the Mitigated Flaws page.

To complete this task:

  1. On the Triage Flaws page, select the checkbox in the Id column to check out the flaw. The green lock icon appears in the column.
  2. Select the arrow next to the checkbox to expand the details for the flaw.
  3. From the Action menu in the details, select Mitigation Accepted or Mitigation Rejected.
  4. In the Comments field next to the Action menu, enter the reasoning for your decision. You cannot save your action without entering comments.
  5. Select Save. Saving your action also checks the flaw back in.

You can delete mitigation comments until the mitigation has been accepted or rejected. To delete a mitigation comment, select the checkbox next to the flaw to check it out, and then click the trash can icon next to the comment you want to delete. After a mitigation has been accepted or rejected, you cannot delete previously added comments.


A user with the Mitigation Approver role who has access to your application can also check in a flaw that you have checked out. Similarly, such a user can delete mitigation comments created by others.