Features Overview

Mayo ASPM provides a comprehensive set of features for managing application security across your organization. This page gives you a brief description of each feature with links to the detailed documentation.


Your day starts here. The dashboard gives you an instant read on your security posture, and universal search lets you find anything in seconds.

| Feature | Description | Link |
| --- | --- | --- |
| Dashboard | Real-time metrics, severity breakdown charts, scan success rates, top projects by finding count. Every card is clickable for drill-down. | Dashboard |
| Universal Search | Cmd+K (or Ctrl+K) to search across findings, assets, scans, and more. Includes a magic side panel for quick previews. | Universal Search |

Assets & Repositories

Assets are the code repositories Mayo ASPM monitors and scans.

| Feature | Description | Link |
| --- | --- | --- |
| Asset management | View all connected repositories, their language breakdown, branch info, and finding counts. | Assets overview |
| Adding public repos | Manually add any public GitHub repository by URL — no GitHub App installation needed. | Public repos |
| Managing assets | Rename, archive, delete, and organize assets. Manage default branches and project assignments. | Managing assets |

Security Scanning

The core of Mayo ASPM — running security scanners against your code.

| Feature | Description | Link |
| --- | --- | --- |
| Ad-hoc scans | On-demand scans you trigger manually from the UI or API. Choose scanner, branch, and rules. | Ad-hoc scans |
| Scheduled scans | Automated scans on a cron schedule — nightly, weekly, or custom. Set-and-forget continuous monitoring. | Scheduled scans |
| Scan queue | View all running, queued, and completed scans. Monitor progress and review logs. | Scan queue |
| Scanner reference | Detailed guide to every supported scanner: Semgrep, Bandit, Trivy, Gitleaks, Checkov. Strengths, languages, and configuration options. | Scanner reference |

PR Scanning

Shift security left by scanning every pull request before it merges.

| Feature | Description | Link |
| --- | --- | --- |
| PR scanning overview | How PR scanning works: webhook events, automatic scans, PR comments, check statuses. | PR scanning |
| Setup | Enable PR scanning on a per-repo or org-wide basis. Configure which scanners run on PRs. | Setup |
| Alerts & blocks | Configure whether findings produce warnings or block the PR from merging. Controlled by severity thresholds or OPA policies. | Configuration |
| Bulk management | Enable or disable PR scanning across many repositories at once. | Bulk management |
| PR comments | What the PR comment looks like, how findings are displayed, and how developers interact with them. | Understanding PR comments |

Findings Management

Track, triage, and resolve every vulnerability.

| Feature | Description | Link |
| --- | --- | --- |
| Findings overview | The central findings list: every vulnerability across all assets, with powerful filtering and sorting. | Findings |
| Filtering & views | Filter by severity, status, scanner, file path, CWE, date range, and more. Save custom views. | Filtering |
| Triage workflow | Move findings through the status lifecycle: Open, Confirmed, Accepted Risk, Resolved, False Positive. | Triage |
| Finding details | The full detail view: code snippet, scanner metadata, CWE/CVE links, history, and remediation guidance. | Details |

Projects

Organize assets into meaningful groups.

| Feature | Description | Link |
| --- | --- | --- |
| Projects overview | What projects are and how they help you organize your security posture by team, domain, or application. | Projects |
| Auto-created projects | How Mayo ASPM automatically creates a project for each new asset, and how to customize them. | Auto projects |
| Sub-projects | Hierarchical project structure for large organizations with multi-level grouping needs. | Sub-projects |

Tickets & Jira Integration

Turn findings into actionable work items in your existing project management tools.

| Feature | Description | Link |
| --- | --- | --- |
| Tickets overview | How Mayo ASPM creates and tracks tickets from findings. | Tickets |
| Connecting Jira | Step-by-step Jira Cloud connection setup. | Connect Jira |
| Generating tickets | Create Jira tickets from individual findings or in bulk. Field mapping and customization. | Generating tickets |
| OPA triage funnel | Use OPA policies to automatically generate tickets for findings that match specific criteria. | Triage funnel |

OPA Policy Engine

Automate decisions with policy-as-code.

| Feature | Description | Link |
| --- | --- | --- |
| Policies overview | What OPA policies are, how they work in Mayo ASPM, and why they matter at scale. | Policies |
| Writing Rego | Guide to writing Rego rules for Mayo ASPM's policy engine. Includes examples and patterns. | Rego guide |
| Policy Playground | Test policies against real findings in a sandbox before deploying them. | Playground |
| Policy kinds | Triage, Priority, Ownership, Project, and PR Scan policies — what each does and when to use it. | Policy kinds |

Integrations

Connect Mayo ASPM with your tools.

| Feature | Description | Link |
| --- | --- | --- |
| GitHub App | The GitHub App integration: installation, permissions, webhook management. | GitHub |
| Jira | Jira Cloud integration for ticket generation and sync. | Jira |
| API Keys | Create and manage API keys for REST API access. | API keys |
| Airflow | Use Apache Airflow to schedule and orchestrate scans. | Airflow |

API

Build custom integrations and automate workflows.

| Feature | Description | Link |
| --- | --- | --- |
| API overview | REST API capabilities, base URL, and interactive docs. | API |
| Authentication | API key authentication, header format, and security best practices. | Authentication |
| Endpoints | Full endpoint reference for assets, findings, scans, projects, and policies. | Endpoints |
| Examples | Copy-paste examples in cURL, Python, and JavaScript. | Examples |

Interactive API docs

Try API endpoints directly from your browser at docs.api.mayoaspm.com/docs (Swagger) or docs.api.mayoaspm.com/redoc (ReDoc).


Where to go from here