Tickets¶
Mayo ASPM generates actionable tickets from security findings and pushes them directly into your issue tracker. Instead of dumping hundreds of raw findings on developers, Mayo ASPM groups, deduplicates, and prioritizes findings into tickets that are ready to work on.
How tickets work¶
The ticketing pipeline has three stages:
- Triage — OPA policies decide which findings are actionable and which are noise.
- Grouping — Actionable findings are grouped into logical units (by vulnerability, by file, or by package).
- Generation — Grouped findings become tickets with titles, descriptions, severity labels, and assignees.
Ticket anatomy¶
Every generated ticket includes:
| Field | Description |
|---|---|
| Title | A concise summary, e.g., "CVE-2026-1234: prototype pollution in lodash" |
| Description | Full details including affected files, remediation guidance, and links back to Mayo ASPM |
| Severity | Mapped from the finding severity (Critical, High, Medium, Low) |
| Project | The Mayo ASPM project the finding belongs to |
| Assignee | Determined by ownership policies or manual assignment |
| Labels | mayo-aspm, severity label, scanner name |
| Mayo ASPM link | Deep link back to the finding in the Mayo ASPM dashboard |
Supported integrations¶
| Tracker | Status | Features |
|---|---|---|
| Jira Cloud | GA | Full bi-directional sync |
| Jira Data Center | GA | Full bi-directional sync |
| GitHub Issues | Planned | — |
| Linear | Planned | — |
Ticket states¶
Mayo ASPM tracks ticket state alongside finding state:
| Ticket state | Meaning |
|---|---|
| Draft | Ticket generated but not yet pushed to Jira |
| Open | Ticket exists in Jira and is unresolved |
| In Progress | Jira ticket has been moved to an in-progress status |
| Resolved | Jira ticket is marked done; finding status updates accordingly |
| Stale | The underlying finding was resolved but the Jira ticket is still open |
Bi-directional sync
When a developer closes a Jira ticket, Mayo ASPM marks the corresponding finding as Resolved. When a finding is suppressed in Mayo ASPM, the Jira ticket is updated with a comment explaining why.
Quick start¶
To start generating tickets:
- Connect Jira — see Connecting Jira
- Run a scan — ensure you have findings in at least one project
- Generate tickets — see Generating tickets
Deduplication¶
Mayo ASPM prevents duplicate tickets by tracking which findings have already been ticketed. If a finding already has an open ticket, it will not generate a second one. If a ticket was resolved but the finding reappears, Mayo ASPM will reopen the existing ticket rather than creating a new one.
Bulk operations¶
From the Tickets view, you can:
- Select multiple tickets and change their status
- Re-assign tickets to a different team member
- Re-generate tickets that need updated descriptions (e.g., after new scan data)
- Delete draft tickets that you don't want to push
Tip
Use the triage funnel to filter out noise before generating tickets. This keeps your Jira board clean and your developers focused.
Next steps¶
- Connecting Jira — step-by-step Jira setup
- Generating tickets — the 3-step ticket wizard
- Triage funnel — filter findings before ticketing