* BE DRI: @subashis * FE DRI: TBD ## Summary These are the existing REST APIs for ~"Category:Vulnerability Management": - https://docs.gitlab.com/ee/api/vulnerabilities.html - https://docs.gitlab.com/ee/api/vulnerability_findings.html - https://docs.gitlab.com/ee/api/vulnerability_exports.html - https://docs.gitlab.com/ee/api/project_vulnerabilities.html Both of these are in [Alpha](https://about.gitlab.com/handbook/product/gitlab-the-product/#alpha) and can be removed outside a major release. In contrast, the [vulnerability management GraphQL API](https://docs.gitlab.com/ee/api/graphql/reference/index.html#vulnerabilitiescountbyday) is in production and, as per the [GraphQL Vision](https://docs.gitlab.com/ee/api/graphql/#vision), it's the primary means of interacting with ~"Category:Vulnerability Management" objects. ## Goals 1. Ensure ~"Category:Vulnerability Management" REST API features have a GraphQL equivalent. 1. Do not add new REST API endpoints for ~"Category:Vulnerability Management" . 1. Deprecate and remove [`/vulnerabilities/:id`](https://docs.gitlab.com/ee/api/vulnerabilities.html). 1. Deprecate and remove [`/projects/:id/vulnerability_findings`](https://docs.gitlab.com/ee/api/vulnerability_findings.html), `/vulnerabilities/:id/confirm`, `/vulnerabilities/:id/resolve`, `/vulnerabilities/:id/dismiss`. 1. Deprecate and remove [`/security/projects/:id/vulnerability_exports`](https://docs.gitlab.com/ee/api/vulnerability_exports.html#create-a-project-level-vulnerability-export). 1. Deprecate and remove [`/projects/:id/vulnerabilities`](https://docs.gitlab.com/ee/api/project_vulnerabilities.html). 1. Deprecate and remove `vulnerability issue links` related [endpoints](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/api/vulnerability_issue_links.rb). No existing related docs. 1. Allow 6 months between release of equivalent GraphQL functionality and removal of the deprecated REST endpoints.