getmitigationinfo.do

Veracode APIs

The getmitigationinfo.do call retrieves all action information for listed flaws in the specified build.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.

Resource URL

https://analysiscenter.veracode.com/api/getmitigationinfo.do

Parameters

Name Type Description
build_id

Required

Integer ID of the latest build.
flaw_id_list

Required

String Comma-separated list of flaw IDs. Find flaw IDs on the Triage Flaws page in the Veracode Platform or in the issueid fields returned by the Detailed Report API.

HTTPie Example

Examples use the HTTPie command-line tool. See Using HTTPie with the Python Authentication Library.

http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/getmitigationinfo.do" "build_id==<build id>" "flaw_id_list==2,3,7,20,25"

HTTPie Results

The getmitigationinfo.do call returns the mitigationinfo XML document, which references mitigationinfo.xsd schema file. You can use the XSD schema file to validate the XML data. See the mitigationinfo.xsd schema documentation.

<mitigationinfo xmlns:xsi="http&#x3a;&#x2f;&#x2f;www.w3.org&#x2f;2001&#x2f;XMLSchema-instance"
      xmlns="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;mitigationinfo&#x2f;1.0" 
      xsi:schemaLocation="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;mitigationinfo&#x2f;1.0 
      https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;resource&#x2f;mitigationinfo.xsd" mitigationinfo_version="1.1" 
      build_id="<build id>">
   <issue flaw_id="2" category="Exposure of Private Information ('Privacy Violation')">
      <mitigation_action action="appdesign" desc="Mitigate by Design" reviewer="VendorTechnique : M1 :  Establish and maintain 
         control over all of your inputs  
         Specifics : Specifics comment added by vendor.
         Remaining Risk : Remaining Risk comment added by vendor.
         Verification : Verification comment added by vendor."/>
      <mitigation_action action="deviates" desc="Deviates from Guidelines" reviewer="Veracode" date="2017-01-20 02:29:32" 
         comment="Deviates comment added by internal admin."/>
   </issue>
   <issue flaw_id="3" category="Exposure of Private Information ('Privacy Violation')">
      <mitigation_action action="appdesign" desc="Mitigate by Design" reviewer="VendorTechnique : M1 :  Establish and maintain 
         control over all of your inputs
         Specifics : Specifics comment added by vendor.
         Remaining Risk : Remaining Risk comment added by vendor.
         Verification : Verification comment added by vendor."/>
      <mitigation_action action="conforms" desc="Conforms to Guidelines" reviewer="Veracode" date="2017-01-20 02:29:07" 
         comment="Conform comment added by internal admin."/>
   </issue>
   <issue flaw_id="20" category="Process Control"/>
   <issue flaw_id="25" category="Missing Release of Memory after Effective Lifetime"/>
   <issue flaw_id="7" category="Authorization Bypass Through User-Controlled Key">
      <mitigation_action action="appdesign" desc="Mitigate by Design" reviewer="<Veracodeuserid>" date="2019-09-17 12&#x3a;16&#x3a;48" 
         comment="Test mitigation details."/>
   </issue>
</mitigationinfo>