Projects
Projects are the primary organizational unit in Mayo ASPM. They group related assets, findings, and policies together so your team can manage application security at the right level of granularity.
What is a project?
A project represents a logical boundary around a set of assets — typically a single application, service, or business domain. Every finding, policy evaluation, and ticket in Mayo ASPM belongs to exactly one project.
| Concept | Description |
|---|---|
| Project | Top-level container for assets, findings, and policies |
| Sub-project | A child project that inherits policies from its parent |
| Auto-project | A project created automatically when a new asset is discovered |
| Default project | The catch-all project for assets that don't match any policy |
Project hierarchy
Mayo ASPM supports a two-level hierarchy:
Organization
├── Project A
│ ├── Sub-project A1
│ └── Sub-project A2
├── Project B
│ └── Sub-project B1
└── Default Project
Why two levels?
A flat list becomes unmanageable at scale, but deeply nested trees hide findings. Two levels strike the right balance: group by business domain at the top, then by team or component underneath.
Creating a project
1. Navigate to Projects in the left sidebar.
2. Click New Project.
3. Enter a name and optional description.
4. Choose a color for visual identification across dashboards.
5. Optionally assign an owner (team or individual).
6. Click Create.
Tip
Use a consistent naming convention across your organization. For example: `<domain>-<component>`, like `payments-api` or `auth-service`.
Project dashboard
Each project has its own dashboard showing:
- Finding counts broken down by severity (critical, high, medium, low, info)
- Open vs. resolved trend over time
- Policy compliance — how many policies are passing
- Recent scans with status and finding deltas
- Assigned assets and their last-scanned dates
Moving assets between projects
You can reassign assets from one project to another at any time:
1. Open the source project.
2. Select the assets you want to move.
3. Click Move to project and choose the destination.
4. Confirm the move.
Warning
Moving an asset also moves all of its findings. Tickets that were already generated will retain their original project label in Jira, but new tickets will use the destination project.
Deleting a project
Deleting a project requires that it has no assets assigned. Move or unassign all assets first, then:
1. Open the project settings.
2. Scroll to Danger Zone.
3. Click Delete Project and confirm.
Danger
Deletion is permanent. All finding history, policy evaluation logs, and scan records for the project are removed.
Project-level settings
Each project can override organization-level defaults for:
| Setting | Description |
|---|---|
| Default severity filter | Which severities appear on the dashboard by default |
| Auto-triage | Whether new findings are automatically triaged by policy |
| Notification channels | Where alerts are sent (email, Slack webhook) |
| Scan schedule | Override the org-wide scan cadence for this project |
| Policy set | Which policies are scoped to this project |
Next steps
- Auto-created projects — how Mayo ASPM creates projects automatically
- Sub-projects — organizing within a project
- Policy scoping — assigning policies to specific projects