Mitigating Software Composition Analysis Vulnerabilities

You can review vulnerabilities found during Veracode Software Composition Analysis (SCA) and decide whether to take mitigation actions that temporarily address them.

After you mark a flaw as mitigated, users in your organization with the Mitigation Approver role can accept or reject the mitigation. Accepting a mitigated flaw removes it from the application score calculation and from the determination of the application's policy status. You cannot mitigate SCA vulnerabilities in sandboxes.

Note: Do not treat mitigations as long-term fixes for application security flaws. Environmental changes or new attack techniques can render many mitigating factors ineffective, including network and operating system mitigations. Veracode recommends that you use mitigations as part of a long-term plan to remediate the flaws in the code.