ASM is a bytecode manipulation framework (see this page for a nice introduction) and is used by many things performing... bytecode manipulation: frameworks using proxy generation and reflection (Spring, Hibernate, etc), mocking frameworks (EasyMock, JMock, etc), code analysis tools (PMD, Findbugs, etc). Actually, the ASM project maintains a list of users organized by category, check it out.
As mentioned by Vincent, if you are depending transitively on ASM, the dependency:tree
goal or the dependency report (see the PMD and Findbugs links above for examples) can help to analyze the situation and to find out from where its coming from. But this won't take into account dependencies of maven plugins that you are using, only dependencies of your project.