Skip to content

Generate Jira Tickets

This guide walks you through connecting Jira, configuring ticket generation, and pushing your first batch of security tickets to your team's Jira board.

Goal

By the end of this guide, you will have:

  • Jira connected to Mayo ASPM
  • Your first batch of tickets generated from triaged findings
  • Bi-directional sync tracking ticket status

Time: ~20 minutes

Prerequisites

  • A Mayo ASPM account with admin access
  • Triaged findings (run Automate triage first)
  • Jira Cloud or Jira Data Center with admin access
  • A Jira project to receive tickets

Step 1 — Connect Jira

  1. Navigate to Settings > Integrations > Jira.
  2. Click Connect Jira.
  3. Select Jira Cloud (or Data Center).
  4. Click Authorize with Atlassian.
  5. Select your Jira site and grant permissions.
  6. You're redirected back with a success message.

Info

For detailed setup instructions including Data Center configuration, see Connecting Jira.

Step 2 — Configure project mapping

  1. After connecting, you'll see the project mapping screen.
  2. For each Mayo ASPM project, select the corresponding Jira project:
Mayo ASPM Project Jira Project Issue Type
my-nodejs-app MYAPP Bug
  1. Click Save Mapping.

Step 3 — Configure field mapping

  1. Navigate to Settings > Integrations > Jira > Field Mapping.
  2. Review the default severity-to-priority mapping:
Mayo ASPM Severity Jira Priority
Critical Highest
High High
Medium Medium
Low Low
  1. Adjust if your Jira priorities differ.
  2. Click Save.

Step 4 — Send a test ticket

  1. Click Send Test Ticket.
  2. Select a Jira project.
  3. Verify the test ticket appears in Jira:
    • Check the summary, description, priority, and labels
    • Ensure the mayo-aspm-test label is present
  4. Delete the test ticket from Jira (optional).

Step 5 — Generate your first real tickets

  1. Navigate to Findings in your project.
  2. Filter to show only Confirmed (accepted) findings.
  3. Filter by severity: Critical and High (start with the most important).
  4. Select all findings (or choose specific ones).
  5. Click Generate Tickets.

The 3-step wizard

Step 1 — Select findings: Your filtered selection is pre-loaded. Review and adjust.

Step 2 — Configure grouping: Choose By vulnerability for SCA findings. This groups all occurrences of the same CVE into one ticket.

Step 3 — Review and confirm:

  • Review each ticket preview
  • Verify titles, descriptions, and assignees

  • Choose Save as drafts for the first batch

  • Click Generate.

Step 6 — Review drafts

  1. Navigate to Tickets in the left sidebar.
  2. Filter by status: Draft.
  3. Review each ticket:
    • Is the title clear and actionable?
    • Is the description complete?
    • Is the severity/priority correct?
    • Is the right team or person assigned?
  4. Edit any fields as needed.

Step 7 — Push to Jira

  1. Select all reviewed drafts.
  2. Click Push to Jira.
  3. Mayo ASPM creates issues in Jira for each ticket.
  4. Verify in Jira that the tickets appeared correctly.

Success

Your first batch of security tickets is now in Jira. Each ticket links back to the finding in Mayo ASPM for full context.

Step 8 — Monitor bi-directional sync

As your team works on tickets in Jira:

  • When a Jira ticket is moved to In Progress, the Mayo ASPM finding status updates.
  • When a Jira ticket is marked Done, the Mayo ASPM finding is marked Resolved.
  • When a finding is re-detected after being resolved, Mayo ASPM reopens the Jira ticket.

Test this by closing a ticket in Jira and checking the finding status in Mayo ASPM.

Ongoing workflow

After the initial setup, ticket generation becomes part of your regular process:

Cadence Action
After each scan Review new confirmed findings, generate tickets for critical/high
Weekly Generate tickets for medium-severity findings that have been open > 7 days
Monthly Review ticket backlog, close stale tickets, regenerate updated tickets

Verification

  • Jira is connected and healthy
  • Project mapping is configured
  • Test ticket appeared correctly in Jira
  • First batch of real tickets is in Jira
  • Bi-directional sync is working (close a ticket, check finding status)

Next steps