Using the Mitigation and Comments API


The Mitigation and Comments API enables you to integrate flaw comments and mitigation workflow tasks into IDEs and bug tracking systems.

You can mitigate a flaw, accept or reject a mitigation action, or comment on a proposed mitigation. You can also view all comments and mitigation actions that any user has performed on a flaw.

To learn how to use the Mitigation and Comments API, read the tutorial.

To use the Mitigation and Comments API, you must have one of the following:
  • A Veracode API account with the Mitigation API role
  • A Veracode human user account with the roles required for the specific task:
    • Reviewer or Security Lead: to view all actions performed on a flaw, to submit proposed mitigations, or to comment on proposed mitigations.
    • Mitigation Approver and either Reviewer or Security Lead: to accept or reject proposed mitigations.