Ahmed Yasser

GitHub - Enterprise-grade CI DAST for your APIs. Free. Open source.

ZeroDAST wraps OWASP ZAP inside a security-hardened CI pipeline with automated authentication, delta-scoped PR scanning, and intelligent reporting.

- 4 auth adapters — handles custom headers, nested tokens, admin separation. Zero scripting.
- ~3 min PR scans, ~5 min nightly scans
- Privilege-isolated CI architecture — PR code can't touch the scanner
- 52% more findings than vanilla ZAP on 4 real-world targets (170k+ combined ⭐)
- $0 cost vs $180k+/year for enterprise DAST

Ahmed Yasser
Maker
Hey Product Hunt! I'm the solo developer behind ZeroDAST. I built this because I was frustrated that running vanilla ZAP against any real API with non-trivial auth gives you essentially zero API coverage. On 4 major open-source APIs, vanilla ZAP discovered 0 API endpoints. ZeroDAST discovered 48. The difference? An auth adapter framework that turns per-target custom scripting into declarative config. It's not for everyone — REST APIs with token-based auth only, no SSO/MFA/GraphQL. But within that niche, it delivers enterprise-grade results at zero cost. Would love your feedback! What would make you try this on your own API?