Mitigate Flaws from Within Eclipse

IDEs

After performing a Veracode scan of your application, you can use Veracode Static for Eclipse to propose mitigations for discovered flaws from within Eclipse.

Before you can mitigate flaws, you must have the Mitigation API role.
From within Eclipse, you can comment on a flaw and set the mitigation status as:
  • Potential false positive
  • Design
  • OS environment
  • Network environment
  • Mitigate by design

You can also accept or reject a flaw already flagged as mitigated. To comment on or mitigate a flaw in Eclipse:

  1. In Eclipse, select Veracode > View Results.
  2. In the Results window, in the Flaw ID column, select the checkbox next to one or more flaws that you want to mitigate.
  3. From the Actions dropdown menu, select a mitigation action and, then, click Mitigate.
  4. In the Flaw Mitigation Request window, enter your comments.
  5. Click Continue.
  6. If you see an access denied error message when attempting to mitigate a flaw, check for these issues, resolve them, and try to mitigate again:
    • There is a policy or sandbox scan in progress for the application.
    • You are not working with the most recent scan results.
    • You do not have the Mitigation API role.
    • Another user has locked the flaw in the Veracode Platform.