0
votes

We are trying to use ZAP proxy in our CI/CD pipelines. There are test cases written using various tools like UFT (https://www.microfocus.com/en-us/products/unified-functional-automated-testing/overview), Selenium, etc. I don't want to write test cases specially for ZAP proxy scanning, but rather use the functional test cases from the various tools, proxy them through ZAP, and run active scanning on all the URLs. I am not sure how much of this can be automated or whether ZAP can already do that (I know about passive scanning but also want active scanning).

1 Answer

1
votes

I did that in the post and even blogged about it here - see the dynamic security tests section. You can also see a live demo of a similar flow on this fork. This commit contains the relevant changes to achieve that.

After scanning the website with the functional test, you can invoke an active scan using either the ZAP API or the zap CLI. Let me know if that helped :)
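The flow described in the answer above, as an added example that is not part of the original answer or the linked blog post: once the functional tests have run through ZAP, this script uses the ZAP JSON API to active-scan each in-scope site ZAP recorded and returns the High-risk alerts so the pipeline can fail on them. The ZAP address, the API key placeholder and the staging hostname are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"   # assumed: the ZAP listener the tests proxy through
API_KEY = "changeme"            # placeholder, not a real key


def http_get(url):
    """Default transport: a real HTTP call to the ZAP API."""
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def zap(path, fetch, **params):
    """Call a ZAP JSON API endpoint, e.g. zap('ascan/action/scan', fetch, url=...)."""
    return fetch(f"{ZAP}/JSON/{path}/?{urllib.parse.urlencode(params)}")


def active_scan_proxied_sites(fetch=http_get, in_scope=lambda site: True, poll_seconds=5):
    """Active-scan every site ZAP recorded while the functional tests ran.

    Returns the High-risk alerts so the CI job can fail on them.
    """
    high = []
    for site in zap("core/view/sites", fetch)["sites"]:
        if not in_scope(site):   # skip third-party hosts the tests happened to touch
            continue
        scan_id = zap("ascan/action/scan", fetch, url=site, recurse="true")["scan"]
        # The scan is asynchronous: poll until ZAP reports 100 percent.
        while int(zap("ascan/view/status", fetch, scanId=scan_id)["status"]) < 100:
            time.sleep(poll_seconds)
        alerts = zap("core/view/alerts", fetch, baseurl=site)["alerts"]
        high += [a for a in alerts if a["risk"] == "High"]
    return high


if __name__ == "__main__":
    # Assumed target: only the staging host owned by the team is scanned.
    findings = active_scan_proxied_sites(
        in_scope=lambda s: s.startswith("https://staging.example.test"))
    for a in findings:
        print(a["risk"], a["alert"], a["url"])
    raise SystemExit(1 if findings else 0)
```

Run it as the pipeline step that follows the UFT or Selenium stage, while the same ZAP instance is still up; a non-zero exit code fails the build.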