updatemitigationinfo.do

The updatemitigationinfo.do call enables you to perform several actions on a list of one or more flaws in the specified build. These actions include commenting on a flaw, proposing a mitigation action, and rejecting or accepting a mitigation action.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.

Resource URL

https://analysiscenter.veracode.com/api/updatemitigationinfo.do

Parameters

build_id: Integer. Required. This number must be the ID of the most recent build; otherwise, the call fails.
action: String. Required. Possible values are:
  • comment
  • fp
  • appdesign
  • osenv
  • netenv
  • rejected
  • accepted
comment: String. Required. The comment string associated with the action. Limit of 2048 characters.
flaw_id_list: String. Required. The list is a comma-separated series of one or more flaw IDs. You can find these IDs on the Triage Flaws page in the Veracode Platform or in the XML returned by the Detailed Report API.

Example Syntax

curl --compressed -u <VeracodeUsername> \
    https://analysiscenter.veracode.com/api/updatemitigationinfo.do \
    -F "build_id=10001" \
    -F "action=appdesign" \
    -F "comment=We trust input from the database by design based on our other controls." \
    -F "flaw_id_list=1,2,3,4,5,6,12,13"

Results

You are prompted for your API account password.

The updatemitigationinfo.do call returns the mitigationinfo XML document, which references the mitigationinfo.xsd. Additional mitigationinfo.xsd schema documentation is available. Use the XSD file to validate the XML data. The following is an example of returned XML:
<mitigationinfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/mitigationinfo" xsi:schemaLocation="https://analysiscenter.veracode.com/schema/mitigationinfo https://analysiscenter.veracode.com/resource/mitigationinfo.xsd" build_id="10001">
    <issue flaw_id="1" category="Information Exposure Through Debug Information">
        <mitigation_action action="fp" desc="Mitigated as Potential False Positive" reviewer="Taapi02 User" date="2012-08-17 06:43:29.0" comment="The scanner is too sensitive."/>
    </issue>
    <issue flaw_id="2" category="Information Exposure Through Environmental Variables">
        <mitigation_action action="fp" desc="Mitigated as Potential False Positive" reviewer="Taapi02 User" date="2012-08-17 06:43:29.0" comment="The scanner is too sensitive."/>
    </issue>
    <issue flaw_id="3" category="Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')">
        <mitigation_action action="fp" desc="Mitigated as Potential False Positive" reviewer="Taapi02 User" date="2012-08-17 06:43:29.0" comment="The scanner is too sensitive."/>
    </issue>
    <issue flaw_id="4" category="Information Exposure Through Directory Listing">
        <mitigation_action action="fp" desc="Mitigated as Potential False Positive" reviewer="Taapi02 User" date="2012-08-17 06:43:29.0" comment="The scanner is too sensitive."/>
    </issue>
    <issue flaw_id="5" category="Information Exposure Through Directory Listing">
        <mitigation_action action="fp" desc="Mitigated as Potential False Positive" reviewer="Taapi02 User" date="2012-08-17 06:43:29.0" comment="The scanner is too sensitive."/>
    </issue>
    <issue flaw_id="6" category="Information Exposure Through Directory Listing">
        <mitigation_action action="fp" desc="Mitigated as Potential False Positive" reviewer="Taapi02 User" date="2012-08-17 06:43:29.0" comment="The scanner is too sensitive."/>
    </issue>
    <error type="not_found" flaw_id_list="12,13"/>
</mitigationinfo>
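
The response above returns issue elements for flaws 1 through 6 and an error element for 12 and 13, so one call can partly succeed. The following Python sketch is an added example, not Veracode code: it checks the parameters against the limits listed above and then sorts the requested flaw IDs by outcome. The function names, the numeric flaw IDs, and the rule that a matching mitigation_action entry means the action was applied are assumptions; the sample XML is a constructed, shortened copy of the response above.

```python
import xml.etree.ElementTree as ET

NS = {"m": "https://analysiscenter.veracode.com/schema/mitigationinfo"}
ACTIONS = {"comment", "fp", "appdesign", "osenv", "netenv", "rejected", "accepted"}

def build_fields(build_id, action, comment, flaw_ids):
    """Check the four required parameters and return the form fields to send."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    if not comment or len(comment) > 2048:
        raise ValueError("comment is required, limit of 2048 characters")
    ids = [str(int(i)) for i in flaw_ids]  # assumption: flaw IDs are numeric
    if not ids:
        raise ValueError("flaw_id_list needs at least one flaw ID")
    return {"build_id": str(int(build_id)), "action": action,
            "comment": comment, "flaw_id_list": ",".join(ids)}

def reconcile(xml_text, requested_ids, action):
    """Sort the requested flaw IDs into applied, errored and unaccounted."""
    root = ET.fromstring(xml_text)
    applied = set()
    for issue in root.findall("m:issue", NS):
        recorded = {a.get("action") for a in issue.findall("m:mitigation_action", NS)}
        if action in recorded:  # assumption: a matching entry means it was applied
            applied.add(int(issue.get("flaw_id")))
    errors = {}
    for err in root.findall("m:error", NS):
        ids = [int(i) for i in err.get("flaw_id_list", "").split(",") if i.strip()]
        errors.setdefault(err.get("type"), []).extend(ids)
    failed = {i for ids in errors.values() for i in ids}
    unaccounted = sorted(set(requested_ids) - applied - failed)
    return {"applied": sorted(applied & set(requested_ids)),
            "errors": errors, "unaccounted": unaccounted}

# Constructed sample: the page's example response cut down to two issues.
SAMPLE = """<mitigationinfo xmlns="https://analysiscenter.veracode.com/schema/mitigationinfo" build_id="10001">
  <issue flaw_id="1" category="Information Exposure Through Debug Information">
    <mitigation_action action="fp" desc="Mitigated as Potential False Positive" reviewer="Taapi02 User" date="2012-08-17 06:43:29.0" comment="The scanner is too sensitive."/>
  </issue>
  <issue flaw_id="2" category="Information Exposure Through Environmental Variables">
    <mitigation_action action="fp" desc="Mitigated as Potential False Positive" reviewer="Taapi02 User" date="2012-08-17 06:43:29.0" comment="The scanner is too sensitive."/>
  </issue>
  <error type="not_found" flaw_id_list="12,13"/>
</mitigationinfo>"""

if __name__ == "__main__":
    print(build_fields(10001, "fp", "The scanner is too sensitive.", [1, 2, 3, 12, 13]))
    print(reconcile(SAMPLE, [1, 2, 3, 12, 13], "fp"))
```

Any ID left in "unaccounted" or under "errors" still needs a decision; an automated triage job should fail rather than treat the call as fully applied.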