How to add openapi addon and how to call the swagger.json url from ZAP-CLI


Anil r

Jul 23, 2018, 2:43:19 PM
to OWASP ZAP User Group
Hi All,

I have followed the following blog post https://zaproxy.blogspot.com/2017/04/exploring-apis-with-zap.html and now I am able to hit the swagger URL page and all the APIs are getting scanned.

But my question is: I am able to do that using the UI, how can I achieve this using ZAP-CLI?

Steps in UI:

First, I have added the openapi addon from the marketplace.
Second, in the Tools tab I can see an option called 'import an open API definition from url'.
Third, I gave my swagger.json URL.
Fourth, it scanned all the APIs and gave the result.

Now how can I achieve the same in CI/CD using ZAP-CLI?

Simon Bennetts

Jul 24, 2018, 3:06:38 AM
to OWASP ZAP User Group
We have a packaged scan that does just that: https://github.com/zaproxy/zaproxy/wiki/ZAP-API-Scan
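
One way to call the packaged API scan from a CI job, as an added example that is not part of this thread or of ZAP's own code. The image name, the report file name, the sample swagger URL and the `DOCKER` / `FAIL_ON_WARN` variables are assumptions to adapt; `-t`, `-f`, `-r` and the exit statuses are those of `zap-api-scan.py`.

```shell
#!/bin/sh
# Added example: CI wrapper around ZAP's packaged API scan (zap-api-scan.py).
# Assumed values: image name, default report name, DOCKER and FAIL_ON_WARN knobs.
ZAP_IMAGE="${ZAP_IMAGE:-ghcr.io/zaproxy/zaproxy:stable}"
DOCKER="${DOCKER:-docker}"

# Accept only a plain http(s) URL, so a pipeline variable cannot carry
# whitespace or extra options into the scan's command line.
valid_target() {
  case "$1" in
    *[!A-Za-z0-9:/._~%?=-]*) return 1 ;;   # character outside the allow-list
    http://?*|https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run the scan: -t is the OpenAPI definition URL, -f its format, and -r an
# HTML report written to /zap/wrk (the mounted working directory).
run_scan() {
  valid_target "$1" || { echo "refusing target: $1" >&2; return 3; }
  "$DOCKER" run --rm -v "$PWD:/zap/wrk/:rw" "$ZAP_IMAGE" \
    zap-api-scan.py -t "$1" -f openapi -r "${2:-zap-api-report.html}"
}

# Map the scan's exit status to a pipeline decision:
# 0 = success, 1 = at least one FAIL, 2 = WARN but no FAIL, 3 = other failure.
# Anything else than 0/1/2 is reported as "error" so that a scan which never
# imported the definition is not mistaken for a clean result.
gate() {
  case "$1" in
    0) echo pass ;;
    1) echo fail ;;
    2) if [ "${FAIL_ON_WARN:-0}" = 1 ]; then echo fail; else echo pass; fi ;;
    *) echo error ;;
  esac
}

# Usage in a CI step: ./zap-api-gate.sh https://api.example.test/v2/swagger.json
if [ $# -gt 0 ]; then
  run_scan "$@"; rc=$?
  result=$(gate "$rc")
  echo "ZAP API scan: $result (exit $rc)"
  [ "$result" = pass ]
fi
```
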

Akshat Sehgal

Jul 10, 2020, 9:39:04 PM
to OWASP ZAP User Group
How do I use this using the Java API?

Simon Bennetts

Jul 13, 2020, 4:50:18 AM
to OWASP ZAP User Group
Have a look at how the API packaged scan does it: https://github.com/zaproxy/zaproxy/blob/develop/docker/zap-api-scan.py#L367