1 files changed, 143 insertions, 0 deletions

diff --git a/doc/api/graphql/reference/gitlab_schema.graphql b/doc/api/graphql/reference/gitlab_schema.graphql
index b6caff283fc..f3c06a917a7 100644
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -3934,6 +3934,11 @@ enum IssueState {
   opened
 }
 
+"""
+Represents untyped JSON
+"""
+scalar JSON
+
 type Label {
   """
   Background color of the label
@@ -6061,6 +6066,31 @@ type Project {
   visibility: String
 
   """
+  Vulnerabilities reported on the project. Available only when feature flag `first_class_vulnerabilities` is enabled.
+  """
+  vulnerabilities(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+  ): VulnerabilityConnection
+
+  """
   Web URL of the project
   """
   webUrl: String
@@ -8421,4 +8451,117 @@ enum VisibilityScopesEnum {
   internal
   private
   public
+}
+
+"""
+Represents a vulnerability.
+"""
+type Vulnerability {
+  """
+  Description of the vulnerability
+  """
+  description: String
+
+  """
+  GraphQL ID of the vulnerability
+  """
+  id: ID!
+
+  """
+  The JSON location metadata for the vulnerability. Its format depends on the
+  type of the security scan that found the vulnerability
+  """
+  location: JSON
+
+  """
+  Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST)
+  """
+  reportType: VulnerabilityReportType
+
+  """
+  Severity of the vulnerability (INFO, UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL)
+  """
+  severity: VulnerabilitySeverity
+
+  """
+  State of the vulnerability (DETECTED, DISMISSED, RESOLVED, CONFIRMED)
+  """
+  state: VulnerabilityState
+
+  """
+  Title of the vulnerability
+  """
+  title: String
+
+  """
+  URL to the vulnerability's details page
+  """
+  vulnerabilityPath: String
+}
+
+"""
+The connection type for Vulnerability.
+"""
+type VulnerabilityConnection {
+  """
+  A list of edges.
+  """
+  edges: [VulnerabilityEdge]
+
+  """
+  A list of nodes.
+  """
+  nodes: [Vulnerability]
+
+  """
+  Information to aid in pagination.
+  """
+  pageInfo: PageInfo!
+}
+
+"""
+An edge in a connection.
+"""
+type VulnerabilityEdge {
+  """
+  A cursor for use in pagination.
+  """
+  cursor: String!
+
+  """
+  The item at the end of the edge.
+  """
+  node: Vulnerability
+}
+
+"""
+The type of the security scan that found the vulnerability.
+"""
+enum VulnerabilityReportType {
+  CONTAINER_SCANNING
+  DAST
+  DEPENDENCY_SCANNING
+  SAST
+}
+
+"""
+The severity of the vulnerability.
+"""
+enum VulnerabilitySeverity {
+  CRITICAL
+  HIGH
+  INFO
+  LOW
+  MEDIUM
+  UNKNOWN
+}
+
+"""
+The state of the vulnerability.
+"""
+enum VulnerabilityState {
+  CONFIRMED
+  DETECTED
+  DISMISSED
+  RESOLVED
 }
\ No newline at end of file