Mitigating Flaws from Within Visual Studio


After performing a Veracode scan of your application, you can use Veracode Static for Visual Studio to propose mitigations for discovered flaws from within Visual Studio.

From within Visual Studio, you can comment on a flaw and set the mitigation status as:
  • Potential false positive
  • Design
  • OS environment
  • Network environment

You can also accept or reject a flaw already flagged as mitigated. Before you can mitigate flaws, you must have the Mitigation API role.

To comment on or mitigate a flaw in Visual Studio:
  1. In Visual Studio, select Veracode Static > View Results.
  2. In the Results window, in the Flaw ID column, select the checkbox next to one or more flaws that you want to mitigate.
  3. From the Actions dropdown menu, select a mitigation action, and then click Mitigate.
  4. In the Flaw Mitigation Request window, enter your comments.
  5. Click Continue.

If you see an access denied error message when attempting to mitigate a flaw, check for these issues, resolve them, and try to mitigate again:
  • There is a policy or sandbox scan in progress for the application.
  • You are not working with the most recent scan results.
  • You do not have the Mitigation API role.
  • Another user has locked the flaw in the Veracode Platform.