ZeroDAST wraps OWASP ZAP inside a security-hardened CI pipeline with automated authentication, delta-scoped PR scanning, and intelligent reporting.
4 auth adapters: handles custom headers, nested tokens, admin separation. Zero scripting.
~3 min PR scans, ~5 min nightly scans
Privilege-isolated CI architecture: PR code can't touch the scanner
52% more findings than vanilla ZAP on 4 real-world targets (170k+ combined)
$0 cost vs $180k+/year for enterprise DAST

GitHub: Enterprise-grade CI DAST for your APIs. Free. Open source.
Ahmed Yasser left a comment
Hey Product Hunt! I'm the solo developer behind ZeroDAST. I built this because I was frustrated that running vanilla ZAP against any real API with non-trivial auth gives you essentially zero API coverage. On 4 major open-source APIs, vanilla ZAP discovered 0 API endpoints. ZeroDAST discovered 48. The difference? An auth adapter framework that turns per-target custom scripting into declarative...
