Seeking research questions for a bachelor thesis involving ZAP automation

[Markus S]

  Hello everyone,

  For my upcoming 3-month bachelor thesis, I’m exploring potential research questions related to

automated security testing in CI/CD pipelines, ideally with a focus on ZAP.

My current idea is to build a pipeline that integrates different tools (e.g. SAST, DAST, dependency checks)
and to investigate how to improve or measure the effectiveness of automated DAST in such workflows
(e.g. false positives, scan timing, or orchestration of multiple tools).

Before I finalize my topic with my supervisors,
I would love to hear from the ZAP community:

•   Are there current challenges or gaps in automated ZAP usage or CI/CD integration that you think would be valuable to research?
•    Are there features, pain points, or upcoming changes where academic input could make a difference?

  Any ideas, hints, or even small pointers would be extremely helpful.

Of course, any information will only be used for academic purposes.

Thank you very much in advance!

Best regards,

Markus