Jira Integration
Mayo ASPM integrates with Jira Cloud and Jira Data Center to create, update, and track security tickets. This page covers the integration architecture. For step-by-step setup, see Connecting Jira.
Capabilities
| Capability | Description |
|---|---|
| Ticket creation | Generate Jira issues from security findings |
| Bi-directional sync | Status changes in Jira reflect in Mayo ASPM and vice versa |
| Field mapping | Map Mayo ASPM severity, labels, and assignees to Jira fields |
| Project mapping | Route tickets to the correct Jira project |
| Bulk operations | Create or update multiple tickets at once |
| Custom fields | Map to your organization's custom Jira fields |
Supported Jira versions
| Version | Connection method | Status |
|---|---|---|
| Jira Cloud | OAuth 2.0 (Atlassian Connect) | GA |
| Jira Data Center 8.x+ | Application link (RSA) | GA |
| Jira Server (EOL) | Not supported | — |
Architecture
```
Mayo ASPM                           Jira
─────────                           ────
Generate ticket ──── REST API ────▶ Create issue
                                  │
               ◀─── Webhook ──────┘ Status change
                                  │
Update finding ◀──────────────────┘
```
Outbound (Mayo ASPM to Jira)
- Create issue — POST to Jira REST API with mapped fields
- Update issue — PUT to update description, labels, or comments
- Transition issue — POST to move issue to a new status
Inbound (Jira to Mayo ASPM)
- Webhook events — Jira sends `issue_updated` and `issue_deleted` events
- Mayo ASPM processes these to update finding status
Field mapping details
Default field mapping
| Mayo ASPM | Jira field | Notes |
|---|---|---|
| Finding title | Summary | Prefixed with CVE ID if available |
| Finding description | Description | Includes remediation guidance, links |
| Severity | Priority | Configurable mapping table |
| Labels | Labels | mayo-aspm + severity + scanner |
| Assignee | Assignee | From ownership policy or project default |
| Project | Project | From project mapping |
| Issue type | Issue Type | Configurable per project mapping |
Severity to priority mapping
The default mapping is:
| Mayo ASPM severity | Jira priority |
|---|---|
| Critical | Highest |
| High | High |
| Medium | Medium |
| Low | Low |
| Info | Lowest |
You can customize this in Settings > Integrations > Jira > Field Mapping.
Custom fields
Map Mayo ASPM data to custom Jira fields:
- Go to Settings > Integrations > Jira > Custom Fields.
- Click Add Mapping.
- Select the Mayo ASPM source (e.g., `scanner`, `cve_id`, `asset_name`).
- Select the Jira custom field.
- Click Save.
Webhook configuration
Mayo ASPM automatically registers a webhook when you connect Jira. The webhook:
- Listens for `jira:issue_updated` and `jira:issue_deleted` events
- Filters to issues created by Mayo ASPM (based on the `mayo-aspm` label)
- Processes status transitions to update finding status
Do not delete the webhook
If the webhook is removed from Jira, bi-directional sync will stop. Mayo ASPM health checks will alert you.
Status mapping
Map Jira workflow statuses to Mayo ASPM finding statuses:
| Jira status category | Mayo ASPM finding status |
|---|---|
| To Do | Open |
| In Progress | In Progress |
| Done | Resolved |
You can customize status mapping for workflows with non-standard status categories.
Rate limits and performance
| Metric | Jira Cloud | Jira Data Center |
|---|---|---|
| API rate limit | Per Atlassian quotas | Depends on instance capacity |
| Bulk ticket creation | 50 issues per batch | 50 issues per batch |
| Webhook delivery | Near real-time | Near real-time |
Mayo ASPM respects Jira's rate limits and queues requests when throttled.
Security
- OAuth tokens are stored encrypted and refreshed automatically
- Application link credentials (RSA keys) are stored encrypted
- All communication uses TLS 1.2+
- Jira webhook payloads are verified using shared secrets
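
The inbound path this page describes (shared-secret verification, the `mayo-aspm` label filter, and the status mapping), as an added example that is not Mayo ASPM's own code. It assumes an HMAC-SHA256 signature over the raw body carried as `sha256=<hex>`, Jira's usual issue payload shape, and a hypothetical `known_issue_keys` set of tickets the tool created; `sign`, `verify_signature` and `handle_webhook` are illustrative names.

```python
import hashlib
import hmac
import json

# Jira status category -> finding status, from the status mapping table on this page.
STATUS_MAP = {"To Do": "Open", "In Progress": "In Progress", "Done": "Resolved"}
HANDLED_EVENTS = {"jira:issue_updated", "jira:issue_deleted"}
LABEL = "mayo-aspm"


def sign(secret, body):
    """Assumed scheme: 'sha256=' + hex HMAC-SHA256 of the raw request body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret, raw_body, header):
    expected = sign(secret, raw_body).encode()
    # Constant-time comparison; a plain == on MACs leaks timing information.
    return hmac.compare_digest(expected, (header or "").strip().lower().encode())


def handle_webhook(secret, raw_body, header, known_issue_keys):
    """Return (issue_key, finding_status), (issue_key, None) on delete, or None if ignored."""
    if not verify_signature(secret, raw_body, header):
        raise PermissionError("webhook signature mismatch")
    event = json.loads(raw_body)  # parse only after the MAC has verified
    if event.get("webhookEvent") not in HANDLED_EVENTS:
        return None
    issue = event.get("issue") or {}
    fields = issue.get("fields") or {}
    key = issue.get("key")
    # Label filter from the page plus a check against tickets we created:
    # labels are editable in Jira, so the label alone does not prove origin.
    if LABEL not in (fields.get("labels") or []) or key not in known_issue_keys:
        return None
    if event["webhookEvent"] == "jira:issue_deleted":
        return (key, None)  # ticket removed; the caller decides how to unlink
    category = ((fields.get("status") or {}).get("statusCategory") or {}).get("name")
    status = STATUS_MAP.get(category)
    return (key, status) if status else None  # unmapped categories are ignored


# Constructed sample payload and secret (not captured from a real instance).
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_BODY = json.dumps({
    "webhookEvent": "jira:issue_updated",
    "issue": {"key": "SEC-101", "fields": {
        "labels": ["mayo-aspm", "critical"],
        "status": {"statusCategory": {"name": "Done"}}}},
}).encode()
```

Verify against the raw bytes as received; re-serializing the parsed JSON before computing the MAC will not reproduce the sender's digest.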