Using ZAP as a Long-Running Service for SAST: My Experience and Future Plans
52 views
Skip to first unread message
Muhammad Zubair
Mar 27, 2023, 3:10:29 AM3/27/23
to OWASP ZAP User Group
Hello Zap Team,
Thank you for your comment. I would like to share my experience using ZAP as a long running service. So far, it has been working well for us and we are even considering using it for SAST as well.
To achieve this, I am planning to have a localhost connected to the live server, with the extension installed in VS Code (I will develop the extension ). As developers compile and run their code on the localhost, it will be scanned by ZAP and a report will be sent by email daily. This approach eliminates the need for a tool with language dependencies for SAST.
I am planning to write a blog on this project once it is complete. If you have any suggestions or advice, please feel free to share.
Thank you again for your comment and for developing such a useful tool.
Thank you for your comment. I would like to share my experience using ZAP as a long running service. So far, it has been working well for us and we are even considering using it for SAST as well.
To achieve this, I am planning to have a localhost connected to the live server, with the extension installed in VS Code (I will develop the extension ). As developers compile and run their code on the localhost, it will be scanned by ZAP and a report will be sent by email daily. This approach eliminates the need for a tool with language dependencies for SAST.
I am planning to write a blog on this project once it is complete. If you have any suggestions or advice, please feel free to share.
Thank you again for your comment and for developing such a useful tool.
Reply all
Reply to author
Forward
0 new messages