How can I call OWASP ZAP from the command line?

Adding Dynamic Application Security Testing (DAST) to your CI/CD pipeline can help you identify potential security threats earlier in the development cycle (did someone say 'Shift Left'?). There are many tools available to assist (SonarQube is very popular), but ZAP (from our friends at OWASP) gives insight into common vulnerabilities.

To execute it from the command line:

1. Install Java.

2. Download the solution from here.

3. Navigate to your install folder on your drive (I used the default "C:\Program Files\OWASP\Zed Proxy Attack").

4. Release the hounds:

java -jar {YOUR ZAP VERSION} -cmd -quickurl {YOUR API TO QUERY} -quickprogress -quickout {FILE LOCATION TO STORE THE RESULTS} -nostdout

My example is as follows:

java -jar zap-2.11.0.jar -cmd -quickurl http://localhost/api/values -quickprogress -quickout "c:\temp\out.json" -nostdout
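
To make the scan actually stop a pipeline, the file written by -quickout can be parsed and turned into an exit code. The script below is an added example, not part of the original post or of ZAP: it assumes the report uses ZAP's traditional JSON layout (site, alerts, riskcode as a string from "0" to "3"), and the function names, threshold and sample report are constructed for illustration.

```python
import json
import sys

# Risk codes as written in ZAP's traditional JSON report (assumed layout).
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample mirroring the assumed layout; not output from a real scan.
SAMPLE_REPORT = """
{"site": [{"@name": "http://localhost",
  "alerts": [
    {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
     "riskcode": "1", "count": "2"},
    {"pluginid": "40018", "alert": "SQL Injection",
     "riskcode": "3", "count": "1"}]}]}
"""


def collect_alerts(report):
    """Flatten every alert into (risk, site, name, count), highest risk first."""
    sites = report.get("site", [])
    if isinstance(sites, dict):  # tolerate a single site emitted as an object
        sites = [sites]
    found = []
    for site in sites:
        for alert in site.get("alerts", []):
            found.append((int(alert.get("riskcode", 0)), site.get("@name", "?"),
                          alert.get("alert", "?"), int(alert.get("count", 1))))
    return sorted(found, reverse=True)


def gate(report_text, fail_at=2):
    """Return (exit_code, blocking_alerts); exit_code is 1 if any risk >= fail_at."""
    alerts = collect_alerts(json.loads(report_text))
    blocking = [a for a in alerts if a[0] >= fail_at]
    return (1 if blocking else 0), blocking


if __name__ == "__main__":
    # Pass the -quickout file as the first argument; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    code, blocking = gate(text)
    for risk, site, name, count in blocking:
        print(f"{RISK_NAMES.get(risk, risk)}: {name} ({count} instance(s)) on {site}")
    sys.exit(code)
```

Run it as the pipeline step right after the ZAP command; a non-zero exit code fails the build when any Medium or High alert is present.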

