Veracode recommends that you do not allow the Jira users in your organization to edit the Mitigations field of the security finding tickets.
Use this procedure to change the Mitigations field to read-only access:
- If you are using Jira 6.3 or later, install Script Runner 3.0.4 or later from the Atlassian Marketplace at https://marketplace.atlassian.com/plugins/com.onresolve.jira.groovy.groovyrunner.
- If you are using Jira 6.2, download the .jar file from https://marketplace.atlassian.com/plugins/com.onresolve.jira.groovy.groovyrunner/versions and install it manually by going to and clicking Upload add-on.
After the plugin installs:
- Go to and in the left menu, click Behaviours.
- In the Add Behaviour section, in the Name field, enter "Make Mitigation Status and Comments read-only" and click Add.
- Click Add Mapping for the new behavior you just created.
- In Choose Projects, select All and then select Add Mapping.
- Click Fields for the behavior, and then click Enable.
- In the Add Field section, select Mitigation Status and Comments and click Add.
- For the Writeable field, select Readonly.