You must only install apps that call the Teamwork Graph API in test organizations. Apps calling the Teamwork Graph API require the read:graph:jiraor read:graph:confluence scope, which provides access to Teamwork Graph data across your entire organization. While apps still respect end-user permissions, this scope may grant access to sensitive information. For safety, only install these apps in organizations with test data. Do not install apps using this API in organizations with production data while this feature is in EAP.

Additionally, this EAP has significant limitations. To review the full list of limitations, see Limitations and considerations.

You must be part of this EAP in order to use the Teamwork Graph API. Express interest in joining through this form.

Represents a security vulnerability from an external security scanning or monitoring system.

Available fields and properties

The Teamwork Graph API has the following fields and properties that you can use in your queries:

Object type fields are the core data fields of the object. Use these when you want to retrieve specific information about the object in your queries.
Cypher query properties are metadata properties used for filtering and traversing relationships between different object types in Teamwork Graph. Use Cypher query properties when you need to filter or navigate relationships between this object and other objects in your queries.

Object type fields

Cypher query properties

Object type fields

You can access these fields in the GraphiQL playground using the book icon in the top left, and then searching for External vulnerability.

Field	Type	Description
`description`	`String`	Description of the vulnerability.
`displayName`	`String`	Display name of the vulnerability.
`externalId`	`ID`	Identifier of the vulnerability in the external system.
`id`	`ID!`	Unique identifier for the vulnerability. This ID is globally unique across the entire Teamwork Graph.
`introducedAt`	`DateTime`	Timestamp when the vulnerability was introduced or discovered.
`lastUpdatedAt`	`DateTime`	Timestamp of the most recent update to the vulnerability.
`provider`	`ExternalProvider`	Provider or integration that supplies this vulnerability.
`status`	`String`	Current status of the vulnerability (e.g., "OPEN", "FIXED", "ACCEPTED_RISK").
`thirdPartyId`	`ID`	Additional identifier used by the third-party system.
`type`	`String`	Type or severity of the vulnerability (e.g., "CRITICAL", "HIGH", "MEDIUM", "LOW").
`url`	`URL`	Direct URL to view the vulnerability in its source system.

Fields for ExternalProvider

Field	Type	Description
`id`	`ID!`	Unique identifier for the external provider.
`logoUrl`	`URL`	URL to the provider's logo image for UI display.
`name`	`String`	Display name of the provider (e.g., "Google Drive", "Dropbox", "GitHub").

Available relationships

The following relationships are currently supported for External vulnerability:

From relationships

Relationships where External vulnerability is the source object.

Relationship name	From object type	To object type
Jira work item links external vulnerability	External vulnerability	Jira work item