Mitigate findings in Visual Studio 2015 and 2017

You can mitigate static findings, including approving and rejecting existing mitigations, from within your IDE.

Before you begin:

• Ensure you meet the prerequisites.
• Your account must have the Mitigation API role.
• Ensure you have imported the scan results.

From within your IDE, you can comment on a flaw and set the mitigation status as:

• Potential false positive
• Design
• OS environment
• Network environment
• Mitigate by design

You can also accept or reject a flaw already flagged as mitigated.

To complete this task:

1. In your IDE, select Extensions > Veracode > View Results.

2. From the Results window, in the Flaw ID column, select the checkbox next to one or more flaws that you want to mitigate.

3. From the Actions dropdown menu, select a mitigation action. Then, select Mitigate.

4. In the Flaw Mitigation Request window, enter your comments.

5. Select Continue.

6. If you see an access denied error message, check for these issues, resolve them, and try to mitigate again:

   • There is a policy or sandbox scan in progress for the application.
   • You are not working with the most recent scan results.
   • You do not have the Mitigation API role.
   • Another user has locked the flaw in the Veracode Platform.