Add latest changes from gitlab-org/gitlab@master

1 files changed, 50 insertions, 1 deletions

diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md
index f53a0ca08a3..2c9ac5d65eb 100644
--- a/doc/api/vulnerability_exports.md
+++ b/doc/api/vulnerability_exports.md
@@ -42,7 +42,7 @@ POST /security/projects/:id/vulnerability_exports
 curl --header POST "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/security/projects/1/vulnerability_exports
 ```
 
-The created vulnerability export will be automatically deleted after 1 hour.
+The created vulnerability export is automatically deleted after 1 hour.
 
 Example response:
 
@@ -51,6 +51,53 @@ Example response:
   "id": 2,
   "created_at": "2020-03-30T09:35:38.746Z",
   "project_id": 1,
+  "group_id": null,
+  "format": "csv",
+  "status": "created",
+  "started_at": null,
+  "finished_at": null,
+  "_links": {
+    "self": "https://gitlab.example.com/api/v4/security/vulnerability_exports/2",
+    "download": "https://gitlab.example.com/api/v4/security/vulnerability_exports/2/download"
+  }
+}
+```
+
+## Create a group-level vulnerability export
+
+Creates a new vulnerability export for a group.
+
+Vulnerability export permissions inherit permissions from their group. If a group is
+private and a user isn't a member of the group to which the vulnerability
+belongs, requests to that group return a `404 Not Found` status code.
+Vulnerability exports can be only accessed by the export's author.
+
+If an authenticated user doesn't have permission to
+[create a new vulnerability](../user/permissions.md#group-members-permissions),
+this request results in a `403` status code.
+
+```plaintext
+POST /security/groups/:id/vulnerability_exports
+```
+
+| Attribute           | Type              | Required   | Description                                                                                                                  |
+| ------------------- | ----------------- | ---------- | -----------------------------------------------------------------------------------------------------------------------------|
+| `id`                | integer or string | yes        | The ID or [URL-encoded path](README.md#namespaced-path-encoding) of the group which the authenticated user is a member of |
+
+```shell
+curl --header POST "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/security/groups/1/vulnerability_exports
+```
+
+The created vulnerability export is automatically deleted after 1 hour.
+
+Example response:
+
+```json
+{
+  "id": 2,
+  "created_at": "2020-03-30T09:35:38.746Z",
+  "project_id": null,
+  "group_id": 1,
   "format": "csv",
   "status": "created",
   "started_at": null,
@@ -83,6 +130,7 @@ Example response:
   "id": 2,
   "created_at": "2020-03-30T09:35:38.746Z",
   "project_id": null,
+  "group_id": null,
   "format": "csv",
   "status": "created",
   "started_at": null,
@@ -119,6 +167,7 @@ Example response:
   "id": 2,
   "created_at": "2020-03-30T09:35:38.746Z",
   "project_id": 1,
+  "group_id": null,
   "format": "csv",
   "status": "finished",
   "started_at": "2020-03-30T09:36:54.469Z",