Integrations

Mayo ASPM connects to your development and security toolchain to ingest assets, run scans, create tickets, and automate workflows. This section covers each supported integration.

---

Available integrations

Integration	Purpose	Status
GitHub App	Repository discovery, webhook events, PR scanning, code access	GA
Jira	Ticket creation, bi-directional status sync	GA
API Keys	Programmatic access to the Mayo ASPM API	GA
Airflow	Scheduled scan orchestration	GA

---

Integration architecture

┌──────────────┐     webhooks      ┌──────────────────┐
│   GitHub     │──────────────────▶│                   │
│   (repos,    │◀──────────────────│   Mayo ASPM       │
│    PRs)      │   check runs      │                   │
└──────────────┘                   │   ┌────────────┐  │
                                   │   │  Scanner    │  │
┌──────────────┐   API calls       │   │  Engine     │  │
│   Jira       │◀──────────────────│   └────────────┘  │
│   (tickets)  │──────────────────▶│                   │
└──────────────┘   webhooks        │   ┌────────────┐  │
                                   │   │  OPA        │  │
┌──────────────┐   REST API        │   │  Engine     │  │
│  Airflow     │──────────────────▶│   └────────────┘  │
│  (schedules) │                   │                   │
└──────────────┘                   └──────────────────┘

---

Setting up integrations

All integrations are managed from Settings > Integrations. Each integration has its own setup flow:

1. GitHub — Install the Mayo ASPM GitHub App on your organization. Setup guide.
2. Jira — Authorize via OAuth or application link. Setup guide.
3. API Keys — Generate keys from the settings page. Setup guide.
4. Airflow — Configure an Airflow DAG to call the Mayo ASPM API. Setup guide.

---

Integration health

The Integration Health panel on the Settings page shows the status of each connected integration:

Status	Meaning
Connected	Integration is active and working
Degraded	Partial issues (e.g., webhook delivery failing)
Disconnected	Integration needs to be re-authorized
Not configured	Integration has not been set up

Mayo ASPM checks integration health automatically and sends alerts when an integration degrades.

---

Permissions model

Each integration requests only the permissions it needs:

• GitHub App — read access to code and metadata, write access to check runs and comments
• Jira — create/edit issues, read projects and users, manage webhooks
• API Keys — scoped to the permissions you select at creation time

Least privilege

Mayo ASPM follows the principle of least privilege. You can review and audit all permissions from the integration settings page.

---

Data flow

Data	Direction	Integration
Repository list	GitHub -> Mayo ASPM	GitHub App
Code for scanning	GitHub -> Mayo ASPM	GitHub App
PR events	GitHub -> Mayo ASPM	GitHub App (webhooks)
Check run results	Mayo ASPM -> GitHub	GitHub App
Tickets	Mayo ASPM -> Jira	Jira
Ticket status changes	Jira -> Mayo ASPM	Jira (webhooks)
Scan triggers	Airflow -> Mayo ASPM	API
Scan results	Mayo ASPM -> Airflow	API

---

Next steps

• GitHub App setup
• Jira integration
• API keys
• Airflow scheduling