Mitigating Flaws from Visual Studio


The Veracode extension enables you to propose mitigations for flaws that are found during the scan of your application.

Using the Veracode extension, you can comment on a flaw and mark its mitigation status as one of the following:
  • Potential false positive
  • Design
  • OS environment
  • Network environment

You also have the option to accept or reject a flaw already marked as mitigated. You must have the Mitigation API role to be able to mitigate flaws using the Veracode extension.

To comment on or mitigate a flaw in Visual Studio:
  1. Open Veracode > View Results.
  2. In View Results, select the checkbox next to the flaw you want to mitigate, select a mitigation action from the dropdown menu, and click Mitigate.
  3. In the Flaw Mitigation Request window, enter a description of the change.
  4. Click Continue.

If you encounter an access denied error message when attempting to mitigate a flaw, check for the following issues, resolve them, and try to mitigate again:
  • There is a policy or sandbox scan in progress for the application.
  • You are not working with the most recent scan results.
  • You do not have the Mitigation API role.
  • The flaw is locked in the Platform by another user.