Auto-Created Projects¶
When Mayo ASPM discovers a new asset — through a GitHub repository sync, a scan upload, or an API call — it can automatically create a project to house that asset. This keeps your workspace organized without manual effort.
How auto-projects work¶
Auto-project creation is triggered whenever an asset arrives that does not match any existing project. The flow is:
- Asset arrives — a new repository is synced, or a scan is uploaded referencing an unknown asset.
- Project policies evaluated — Mayo ASPM checks your project policies to determine where the asset should go.
- Match found — the asset is assigned to the project specified by the policy output.
- No match — if no policy matches, a new project is created using the asset's name.
Asset discovered
│
▼
┌─────────────┐ match ┌──────────────────┐
│ Evaluate │───────────▶│ Assign to │
│ project │ │ existing project │
│ policies │ └──────────────────┘
└─────┬───────┘
│ no match
▼
┌──────────────────┐
│ Create new │
│ auto-project │
└──────────────────┘
Auto-project naming¶
By default, auto-projects are named after the asset that triggered their creation:
| Asset source | Default project name |
|---|---|
| GitHub repository | <org>/<repo> |
| Uploaded scan | Filename stem (e.g., results.json becomes results) |
| API-submitted asset | The asset_name field from the request |
Tip
You can override auto-project naming with a project policy. For example, strip the GitHub org prefix so acme/payments-api becomes just payments-api.
Controlling auto-project behavior¶
Enable or disable globally¶
- Go to Settings > Organization > Projects.
- Toggle Auto-create projects for unmatched assets.
When disabled, unmatched assets are placed in the Default Project.
Use project policies for fine-grained control¶
Project policies give you full control over how assets map to projects. A simple example:
package mayo.project
import rego.v1
project := name if {
# Group all repos under the same GitHub org into one project
input.asset.source == "github"
parts := split(input.asset.full_name, "/")
name := parts[0]
}
This policy groups every repository from the same GitHub organization into a single project.
Policy evaluation order
Project policies are evaluated before auto-project creation. If any policy returns a project name, that name is used — either matching an existing project or creating a new one with that name.
Merging auto-projects¶
Over time you may end up with auto-projects that should be combined. To merge:
- Navigate to Projects.
- Select the projects you want to merge.
- Click Merge and choose which project name to keep.
- All assets, findings, and history from the other projects are moved into the surviving project.
Warning
Merging is irreversible. The absorbed projects are deleted after their contents are transferred.
Identifying auto-projects¶
Auto-projects are tagged with an Auto badge in the project list. You can filter the project list to show only auto-created projects.
In the API, auto-projects have "auto_created": true in their metadata:
{
"id": "proj_a1b2c3d4",
"name": "acme/payments-api",
"auto_created": true,
"created_at": "2026-03-15T10:30:00Z",
"asset_count": 1
}
Best practices¶
- Start with auto-projects enabled — let Mayo ASPM organize your workspace as assets flow in, then consolidate later.
- Write project policies early — even a simple grouping policy prevents project sprawl.
- Review auto-projects weekly — merge or rename projects that were created with suboptimal names.
- Use the Default Project as a triage inbox — anything that lands there needs a home.
Next steps¶
- Project policies — write policies that control asset-to-project mapping
- Sub-projects — add structure within a project