diff --git a/.github/workflows/api-docs.yml b/.github/workflows/api-docs.yml
new file mode 100644
index 0000000..ea02432
--- /dev/null
+++ b/.github/workflows/api-docs.yml
@@ -0,0 +1,33 @@
+name: API Docs
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - openapi.json
+      - docs/api/**
+
+permissions:
+  pages: write
+  id-token: write
+
+concurrency:
+  group: pages
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Prepare site
+        run: |
+          mkdir _site
+          cp openapi.json _site/
+          cp docs/api/index.html _site/
+      - uses: actions/upload-pages-artifact@v3
+      - id: deployment
+        uses: actions/deploy-pages@v4
diff --git a/openapi.json b/openapi.json
index 697e732..a887969 100644
--- a/openapi.json
+++ b/openapi.json
@@ -728,6 +728,96 @@
         "summary": "List scans"
       }
     },
+    "/public/v1/scans/{workflow_request_id}/bugs": {
+      "get": {
+        "description": "Returns all bugs found in a specific scan identified by its workflow request ID.",
+        "operationId": "listPublicScanBugs",
+        "parameters": [
+          {
+            "in": "path",
+            "name": "workflow_request_id",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "in": "query",
+            "name": "limit",
+            "required": false,
+            "schema": {
+              "default": 50,
+              "maximum": 100,
+              "minimum": 1,
+              "type": "integer"
+            }
+          },
+          {
+            "in": "query",
+            "name": "offset",
+            "required": false,
+            "schema": {
+              "default": 0,
+              "minimum": 0,
+              "type": "integer"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "properties": {
+                    "bugs": {
+                      "items": {
+                        "$ref": "#/components/schemas/Bug"
+                      },
+                      "type": "array"
+                    },
+                    "total": {
+                      "type": "integer"
+                    }
+                  },
+                  "required": [
+                    "bugs",
+                    "total"
+                  ],
+                  "type": "object"
+                }
+              }
+            },
+            "description": "OK"
+          },
+          "4XX": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ApiError"
+                }
+              }
+            },
+            "description": "Client error"
+          },
+          "5XX": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ApiError"
+                }
+              }
+            },
+            "description": "Server error"
+          }
+        },
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "summary": "List bugs for a scan"
+      }
+    },
     "/public/v1/user": {
       "get": {
         "description": "Returns the authenticated user's email and organization memberships.",