OWASP ZAP Automated Security Testing: CI/CD Integration and API Scanning
OWASP ZAP is the most widely used open-source web application security scanner. This guide covers integrating ZAP's Docker-based full scan and API scanning into GitHub Actions CI/CD pipelines, configuring authentication for authenticated scans, and handling alert triage to keep pipelines actionable.

Key Takeaways

Run ZAP as Docker