integrating-dast-with-owasp-zap-in-pipeline

# Integrating DAST with OWASP ZAP in Pipeline ## When to Use - When testing running web applications for vulnerabilities like XSS, SQLi, CSRF, and misconfigurations - When SAST alone is insufficient and runtime behavior testing is required - When compliance mandates dynamic security testing of web applications before production - When testing APIs (REST/GraphQL) for authentication, authorization, and injection flaws - When establishing continuous DAST scanning in staging environments before production deployment **Do not use** for scanning source code (use SAST), for scanning dependencies (use SCA), or for infrastructure configuration scanning (use IaC scanning tools). ## Prerequisites - OWASP ZAP Docker image or installed locally (zaproxy/zap-stable or zaproxy/action-*) - Running target application accessible from the CI/CD runner (staging URL or Docker service) - ZAP scan rules configuration (optional, for tuning) - OpenAPI/Swagger specification for API scanning (optional) ## Workflow ### Step 1: Configure ZAP Baseline Scan in GitHub Actions ```yaml # .github/workflows/dast-scan.yml name: DAST Security Scan on: deployment_status: workflow_dispatch: inputs: target_url: description: 'Target URL to scan' required: true jobs: zap-baseline: name: ZAP Baseline Scan runs-on: ubuntu-latest services: webapp: image: ${{ github.repository }}:${{ github.sha }} ports: - 8080:8080 options: --hea...