Showing posts from December, 2021

How can I call OWASP ZAP from the command line?

Adding Dynamic Application Security Testing (DAST) to your CI/CD pipeline can help you identify potential security threats earlier in the development cycle (did someone say 'Shift Left'?). There are many tools available to assist (SonarQube is very popular), but ZAP (from our friends at OWASP) gives insight into common vulnerabilities.

To execute it from the command line:

1. Install Java.
2. Download the solution from here.
3. Navigate to your install folder on your drive (I used the default "C:\Program Files\OWASP\Zed Attack Proxy").
4. Release the hounds:

   java -jar {YOUR ZAP VERSION} -cmd -quickurl {YOUR API TO QUERY} -quickprogress -quickout {FILE LOCATION TO STORE THE RESULTS} -nostdout

My example is as follows:

   java -jar zap-2.11.0.jar -cmd -quickurl http://localhost/api/values -quickprogress -quickout "c:\temp\out.json" -nostdout
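Once the quick scan has written its report, a pipeline step still has to decide whether the build passes. The script below is an added example, not part of the original post: it reads the `-quickout` JSON and returns a non-zero exit code when alerts reach a chosen risk level, failing closed if the report is missing or unreadable. It assumes ZAP's traditional JSON report layout (`site` → `alerts` → `riskcode` from 0 to 3); the function names and the sample report are constructed for illustration.

```python
import json

# Constructed sample in the assumed shape of ZAP's traditional JSON report.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "http://localhost",
        "alerts": [
            {"alert": "SQL Injection", "riskcode": "3", "count": "1"},
            {"alert": "X-Content-Type-Options Header Missing", "riskcode": "1", "count": "4"},
            {"alert": "Information Disclosure - Suspicious Comments", "riskcode": "0", "count": "2"},
        ],
    }]
})

LEVELS = ["Informational", "Low", "Medium", "High"]  # list index == riskcode


def summarize(report_text):
    """Return {risk level: [alert names]} across every site in the report."""
    sites = json.loads(report_text).get("site", [])
    if isinstance(sites, dict):  # tolerate a single site stored as an object
        sites = [sites]
    summary = {level: [] for level in LEVELS}
    for site in sites:
        for alert in site.get("alerts", []):
            level = LEVELS[int(alert.get("riskcode", 0))]
            summary[level].append(alert.get("alert") or alert.get("name", "unknown"))
    return summary


def gate(report_text, fail_on="Medium"):
    """Exit code for CI: 0 pass, 1 alerts at or above fail_on, 2 unusable report."""
    try:
        summary = summarize(report_text)
    except (ValueError, TypeError, AttributeError, IndexError):
        print("ZAP report missing or unparseable; failing closed")
        return 2
    for level in reversed(LEVELS):
        print(f"{level}: {len(summary[level])} {summary[level]}")
    blocking = [a for level in LEVELS[LEVELS.index(fail_on):] for a in summary[level]]
    return 1 if blocking else 0


if __name__ == "__main__":
    # In a pipeline, pass the contents of the -quickout file instead of the sample.
    raise SystemExit(gate(SAMPLE_REPORT))
```

Because the scan runs with `-nostdout`, the report file is the only signal the pipeline gets, which is why an empty or malformed file is treated as a failure rather than a clean result.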