diff --git a/app/models/project.rb b/app/models/project.rb index 3387a55f20d917f36e9b3c5acd0f06e47a069a22..ffb5879b9775f367c69e02d6443f27a044daddbb 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -474,6 +474,7 @@ def self.integration_association_name(name) delegate :default_git_depth, :default_git_depth=, to: :ci_cd_settings, prefix: :ci, allow_nil: true delegate :forward_deployment_enabled, :forward_deployment_enabled=, to: :ci_cd_settings, prefix: :ci, allow_nil: true delegate :job_token_scope_enabled, :job_token_scope_enabled=, to: :ci_cd_settings, prefix: :ci, allow_nil: true + delegate :inbound_job_token_scope_enabled, :inbound_job_token_scope_enabled=, to: :ci_cd_settings, prefix: :ci, allow_nil: true delegate :keep_latest_artifact, :keep_latest_artifact=, to: :ci_cd_settings, allow_nil: true delegate :opt_in_jwt, :opt_in_jwt=, to: :ci_cd_settings, prefix: :ci, allow_nil: true delegate :allow_fork_pipelines_to_run_in_parent_project, :allow_fork_pipelines_to_run_in_parent_project=, to: :ci_cd_settings, prefix: :ci, allow_nil: true @@ -2889,6 +2890,12 @@ def ci_job_token_scope_enabled? ci_cd_settings.job_token_scope_enabled? end + def ci_inbound_job_token_scope_enabled? + return false unless ci_cd_settings + + ci_cd_settings.inbound_job_token_scope_enabled? + end + def restrict_user_defined_variables? return false unless ci_cd_settings diff --git a/db/migrate/20220927155407_add_column_inbound_job_token_scope_enabled_to_ci_cd_setting.rb b/db/migrate/20220927155407_add_column_inbound_job_token_scope_enabled_to_ci_cd_setting.rb new file mode 100644 index 0000000000000000000000000000000000000000..811138cd2f200f757bb6e2f88df0b4f53ba92acf --- /dev/null +++ b/db/migrate/20220927155407_add_column_inbound_job_token_scope_enabled_to_ci_cd_setting.rb 
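Review bot: The writer generated by the new `delegate :inbound_job_token_scope_enabled, :inbound_job_token_scope_enabled=, ... allow_nil: true` line is a silent no-op when `ci_cd_settings` is nil, because `allow_nil: true` returns nil instead of raising. Judging by its name the attribute is an access restriction, so a caller that assigns `project.ci_inbound_job_token_scope_enabled = true` on a project without a settings row would believe the restriction is on while nothing was stored. This matches the neighbouring delegates, so a comment above the line is probably enough: `# Writers are dropped when ci_cd_settings is nil; make sure the settings row exists before assigning.`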
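Review bot: `ci_inbound_job_token_scope_enabled?` returns `false` when `ci_cd_settings` is missing. If callers use it to decide whether to enforce the inbound job-token scope, as the name suggests, a project without a settings row is treated as unrestricted. That mirrors `ci_job_token_scope_enabled?` just above, but the fail-open choice should be written down, for example `# Returns false (inbound scope not enforced) when the project has no ci_cd_settings row.` The new method is complete in the hunk; the surrounding class and the body of `restrict_user_defined_variables?` continue outside it.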
@@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class AddColumnInboundJobTokenScopeEnabledToCiCdSetting < Gitlab::Database::Migration[2.0] + enable_lock_retries! + + def up + add_column :project_ci_cd_settings, :inbound_job_token_scope_enabled, :boolean, default: false, null: false + end + + def down + remove_column :project_ci_cd_settings, :inbound_job_token_scope_enabled + end +end diff --git a/db/schema_migrations/20220927155407 b/db/schema_migrations/20220927155407 new file mode 100644 index 0000000000000000000000000000000000000000..a704ba7cb4167adda4d616df793a3c8e3b70d70f --- /dev/null +++ b/db/schema_migrations/20220927155407 @@ -0,0 +1 @@ +97bdc9d31ed93897f3133459779207b3b750530b615e243a625681d433090e94 \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index d6665c0999dc03a16cc996c1d6b17368f4b53d68..f0eb61ab21ca2829de6f7d70eaa1cea9a286fbbf 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -19645,7 +19645,8 @@ CREATE TABLE project_ci_cd_settings ( runner_token_expiration_interval integer, separated_caches boolean DEFAULT true NOT NULL, opt_in_jwt boolean DEFAULT false NOT NULL, - allow_fork_pipelines_to_run_in_parent_project boolean DEFAULT true NOT NULL + allow_fork_pipelines_to_run_in_parent_project boolean DEFAULT true NOT NULL, + inbound_job_token_scope_enabled boolean DEFAULT false NOT NULL ); CREATE SEQUENCE project_ci_cd_settings_id_seq diff --git a/spec/factories/projects.rb b/spec/factories/projects.rb index 871917a725ec83858692c1a4afa31c644f5ca274..0ee834a5eef5e961e51ee219550af1eb6209bc30 100644 --- a/spec/factories/projects.rb +++ b/spec/factories/projects.rb @@ -55,6 +55,7 @@ forward_deployment_enabled { nil } restrict_user_defined_variables { nil } ci_job_token_scope_enabled { nil } + ci_inbound_job_token_scope_enabled { nil } runner_token_expiration_interval { nil } runner_token_expiration_interval_human_readable { nil } end 
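Review bot: The migration does not say what `inbound_job_token_scope_enabled` controls or why it starts as `false`. With `default: false, null: false` every existing project gets the setting switched off, which presumably leaves inbound job-token access as it is today until someone opts in. A one-line comment above `add_column` would help whoever later audits or flips that default, for example `# Opt-in for now: existing projects keep their current job-token behaviour.`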
@@ -113,6 +114,7 @@ project.keep_latest_artifact = evaluator.keep_latest_artifact unless evaluator.keep_latest_artifact.nil? project.restrict_user_defined_variables = evaluator.restrict_user_defined_variables unless evaluator.restrict_user_defined_variables.nil? project.ci_job_token_scope_enabled = evaluator.ci_job_token_scope_enabled unless evaluator.ci_job_token_scope_enabled.nil? + project.ci_inbound_job_token_scope_enabled = evaluator.ci_inbound_job_token_scope_enabled unless evaluator.ci_inbound_job_token_scope_enabled.nil? project.runner_token_expiration_interval = evaluator.runner_token_expiration_interval unless evaluator.runner_token_expiration_interval.nil? project.runner_token_expiration_interval_human_readable = evaluator.runner_token_expiration_interval_human_readable unless evaluator.runner_token_expiration_interval_human_readable.nil? diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index aef665bb585f2445fe4d5dce507364155b68318e..f2a72db70a0de33385aee7315c3b67c79316cdf8 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -912,6 +912,12 @@ end end + describe '#ci_inbound_job_token_scope_enabled?' do + it_behaves_like 'a ci_cd_settings predicate method', prefix: 'ci_' do + let(:delegated_method) { :inbound_job_token_scope_enabled? } + end + end + describe '#restrict_user_defined_variables?' do it_behaves_like 'a ci_cd_settings predicate method' do let(:delegated_method) { :restrict_user_defined_variables? } diff --git a/spec/requests/api/project_attributes.yml b/spec/requests/api/project_attributes.yml index 73b23e8b701b7e7b7e371090acaec512e9f207f4..eef6dfe9422fcb805245ec8c062b5db42fcd293f 100644 --- a/spec/requests/api/project_attributes.yml +++ b/spec/requests/api/project_attributes.yml 
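Review bot: The new `describe '#ci_inbound_job_token_scope_enabled?'` block covers only the predicate. The writer `ci_inbound_job_token_scope_enabled=` added by the delegate and the column's `false` default have no example in this hunk. Since the value looks like a security toggle, it would be worth pinning both, for instance with `expect(create(:project).ci_inbound_job_token_scope_enabled?).to be(false)` and an example that assigns `true` and checks the value on `project.ci_cd_settings`. The body of the shared example `'a ci_cd_settings predicate method'` is outside the diff, so it may already cover the nil-settings case.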
@@ -90,11 +90,10 @@ ci_cd_settings: - id - project_id - group_runners_enabled - - merge_pipelines_enabled - merge_trains_enabled - merge_pipelines_enabled - - merge_trains_enabled - auto_rollback_enabled + - inbound_job_token_scope_enabled remapped_attributes: default_git_depth: ci_default_git_depth forward_deployment_enabled: ci_forward_deployment_enabled