<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION --> *This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.* <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION --> API Security testing consistently runs into the problem that our customers do not have any type of API definition that they can use to guide the testing. We would like to remove that barrier to entry for our customers by leveraging our position as an SCM provider to automatically detect and create API definitions. Java Spring Boot is one of the most popular ways to develop web APIs, especially for enterprise customers. This makes it a great first framework to perform API Discovery of. This epic captures the [minimum viable change](https://about.gitlab.com/handbook/product/product-principles/#the-minimal-viable-change-mvc) required to make the feature available for users. ### Context See https://gitlab.com/groups/gitlab-org/-/epics/9253 ### Goal A tool that can be included into a pipeline via a template (similar to other security products) which, given a path to a Spring Boot Executable Jar, will produce an OpenAPI document describing the endpoints in that jar, which is saved as an artifact.