Integrate OWASP ZAP with Vulnetix. Run automated baseline, full, or API scans against web applications using Docker.
CLI tool | SARIF
Install & scan
$ docker pull ghcr.io/zaproxy/zaproxy:stable
$ docker run --rm -v $(pwd):/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-baseline.py -t https://target.com -J zap-report.json
Run OWASP ZAP in CI
Scan on every push and upload the results to Vulnetix:
- name: Run OWASP ZAP Baseline Scan
  run: |
    docker run --rm -v ${{ github.workspace }}:/zap/wrk/:rw \
      ghcr.io/zaproxy/zaproxy:stable \
      zap-baseline.py -t https://${{ env.TARGET_URL }} -J zap-report.json
- name: Upload to Vulnetix
  # zap-baseline.py exits non-zero when it reports warnings or failures,
  # so run the upload even if the scan step failed.
  if: always()
  run: vulnetix upload --file zap-report.json
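The scan step above leaves zap-report.json in the workspace. As an added example (not Vulnetix or ZAP project code), this Python script summarises such a report per site and returns a non-zero exit code when any alert is at or above a chosen risk level. The helper names `summarise` and `gate` are hypothetical, the field names are assumed to follow ZAP's traditional JSON report, and the sample data is constructed.

```python
import json
from collections import Counter

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample in the assumed shape of ZAP's -J report; not real scan output.
SAMPLE_REPORT = json.dumps({"site": [
    {"@name": "https://app.example.test", "alerts": [
        {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
         "riskcode": "2", "count": "4"},
        {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
         "riskcode": "1", "count": "7"},
    ]},
    {"@name": "https://static.example.test", "alerts": [
        {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
         "riskcode": "1", "count": "2"},
    ]},
]})


def summarise(report_text):
    """Return (risk, site, pluginid, alert name, instance count) rows, worst first."""
    sites = json.loads(report_text).get("site", [])
    if isinstance(sites, dict):  # tolerate a single site serialised as an object
        sites = [sites]
    rows = []
    for site in sites:
        for a in site.get("alerts", []):
            rows.append((int(a.get("riskcode", 0)), site.get("@name", "?"),
                         a.get("pluginid", "?"), a.get("alert") or a.get("name", "?"),
                         int(a.get("count", 0))))
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))


def gate(report_text, fail_at=2):
    """Return (exit_code, per-risk alert counts); exit_code is 1 if any alert >= fail_at."""
    rows = summarise(report_text)
    counts = Counter(RISK_NAMES.get(r[0], str(r[0])) for r in rows)
    return (1 if any(r[0] >= fail_at for r in rows) else 0), dict(counts)


if __name__ == "__main__":
    code, counts = gate(SAMPLE_REPORT)
    for risk, site, pid, name, n in summarise(SAMPLE_REPORT):
        print(f"{RISK_NAMES.get(risk, risk):<13} {pid:<6} x{n:<3} {site}  {name}")
    print(counts)
    raise SystemExit(code)
```

In a pipeline, replace `SAMPLE_REPORT` with the contents of zap-report.json and pick `fail_at` to match the risk level that should block a merge.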
Centralise OWASP ZAP results in Vulnetix
Upload OWASP ZAP SARIF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.