The point of sending findings to Jira is to route them to the people who already look at Jira. Don't bulk-dump every finding — pick a severity threshold and stick to it.

What gets synced

Finding title, description, and severity → Jira summary, description, priority.
Status changes in either system are reflected in the other (within a minute).
Fixed in Cyvex auto-closes the Jira ticket; closed in Jira marks the finding as remediated.

Assignment strategy

Use Jira components or labels to route by asset owner. E.g. findings against the payments-api repo go to the Payments team component. Avoid “assign to a single security hero” — it creates a bottleneck.

Common pitfalls

Permission issues are the most common setup problem: the Jira user or API token needs project “Create Issue” and “Transition” permissions on the target project. Use a dedicated service account, not a human's personal token.