Use Cases¶
These end-to-end guides walk you through complete workflows in Mayo ASPM. Each guide starts from scratch and ends with a working setup.
Available guides¶
| Guide | Time | What you'll build |
|---|---|---|
| Secure a Node.js app | 30 minutes | Full scanning and triage for a Node.js application |
| Set up PR security gates | 20 minutes | PR scanning with check runs and inline comments |
| Automate triage with OPA | 25 minutes | Policy-driven triage that handles 80%+ of findings |
| Generate Jira tickets | 20 minutes | Ticket generation from triaged findings |
| Set up nightly full-org scans | 30 minutes | Scheduled scanning with Airflow |
Prerequisites¶
All guides assume you have:
- A Mayo ASPM account
- The GitHub App installed on at least one organization
- At least one repository synced
Which guide to start with?
If you're new to Mayo ASPM, start with Secure a Node.js app — it covers the fundamentals. Then try Automate triage to reduce noise.
How these guides are structured¶
Each guide follows the same pattern:
- Goal — what you'll accomplish
- Prerequisites — what you need before starting
- Steps — numbered instructions with screenshots and code
- Verification — how to confirm everything works
- Next steps — where to go from here
Combining guides¶
These guides build on each other naturally:
Secure a Node.js app (scanning basics)
│
├──▶ Automate triage (reduce noise)
│ │
│ └──▶ Generate Jira tickets (create actionable work)
│
└──▶ Set up PR security gates (shift left)
Set up nightly scans (continuous monitoring)
Next steps¶
Choose a guide and get started. Each one is self-contained and can be completed in under 30 minutes.