Rejecting a Mitigation with the Annotations API

Veracode APIs

This use case scenario provides the Annotations REST API command and payload for rejecting a mitigation proposal against one or more findings for an application.

You can use the Applications API to get the GUID for an application.

Use this command to reject a mitigation proposal, with a comment, for an application with two findings:
http --auth-type=veracode_hmac POST "<Veracode application GUID>/annotations" < input.json
The API passes the JSON file that you populate with the necessary values as shown in this example:
  "issue_list": "1,2",
  "comment": "This is my comment",
  "action": "REJECTED"
Table. JSON Properties
Name Type Description


String Comma-separated list of finding (flaw) IDs. You can use the Findings API to get a list of finding IDs for an application.


String Enter a brief comment about the findings for issue_list.