The Easiest Way to Implement OWASP ZAP and Scan your Web Apps and APIs

Jit simplifies the configuration and deployment of OWASP ZAP, so you can quickly begin scanning your web apps and APIs for vulnerabilities.

What is OWASP ZAP?

OWASP ZAP (Zed Attack Proxy) is a Dynamic Application Security Testing (DAST) tool: it probes a running web application or API from the outside, as an attacker would, to surface vulnerabilities that could enable malicious activity. It is the world's most widely used web app scanner.

Configuring and implementing OWASP ZAP can be time-consuming, which is why Jit simplifies OWASP ZAP deployment.

Simplify OWASP ZAP Implementation and Management with Jit

Simply fill in the parameters in Jit’s configuration wizard to deploy OWASP ZAP and begin scanning your web applications and APIs. Configure scans to run after each deployment or on a daily basis, and view results in Jit’s backlog, which can prioritize vulnerabilities based on runtime context that determines exploitability in production.
Step 1: Activate scanning for your web applications and/or APIs

Login to Jit and navigate to the Dynamic Application Security Testing Plan under the Security Plans tab.
Activate one or both of the security controls: “Scan your API for vulnerabilities” or “Scan your web application for vulnerabilities”.
Activation will kick off the configuration flow described below.

Step 2: Configure OWASP ZAP to scan your web applications

Paste your Target URL, enable your preferred authentication method, and add your API domain. Learn more about these parameters here.
Define the trigger conditions to highlight specific vulnerabilities.
Optionally integrate notifications with Slack to monitor your alerts.
Step 3: Configure OWASP ZAP to scan your APIs

Add your application name and upload an OpenAPI definition file, which declares the endpoints (paths and HTTP methods) to be scanned. Learn more about these parameters here.
Add the API Domain: the base URL where the API is hosted, which serves as the entry point for every request the scan sends.
Enable your preferred authentication method, define the trigger conditions, and optionally integrate with Slack to centralize your alerts.
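As an added example (not code from Jit or from the OWASP ZAP project), the following Python script shows what the OpenAPI definition uploaded in Step 3 contains and performs a pre-upload sanity check against the API Domain you will enter: it lists every method and path the file declares, resolved to the full URL the scan would request, marks operations the file itself declares as public (an operation-level `security: []`), and warns when the host in the file's `servers` entry differs from the API Domain. The sample spec, the API domain value and the helper names are constructed for illustration; how Jit reconciles a `servers` entry with the API Domain is not described on this page, so the mismatch warning is a check for you to act on, not a statement of Jit behaviour.

```python
"""Pre-upload sanity check for the OpenAPI file used by an API scan.

Added example, not code from Jit or OWASP ZAP. It answers two questions a
practitioner wants settled before starting a scan: which endpoints will be
exercised, and at which base URL.
"""
import json
from urllib.parse import urlsplit

HTTP_METHODS = ("get", "put", "post", "delete", "patch", "options", "head")

# Constructed sample OpenAPI 3 definition, standing in for the file you upload.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "info": {"title": "Orders API", "version": "1.0"},
  "servers": [{"url": "https://staging.example.com/v1"}],
  "components": {
    "securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}
  },
  "security": [{"bearerAuth": []}],
  "paths": {
    "/orders": {"get": {}, "post": {}},
    "/orders/{id}": {
      "get": {"parameters": [{"name": "id", "in": "path", "required": true,
                              "schema": {"type": "string"}}]}
    },
    "/health": {"get": {"security": []}}
  }
}
""")


def list_endpoints(spec, api_domain):
    """Return (METHOD, full URL, requires_auth) for every operation in the spec.

    Paths are appended to api_domain (the base URL entered as API Domain).
    requires_auth is False when the operation overrides the document-level
    security requirement with an empty list, i.e. declares itself public.
    """
    base = api_domain.rstrip("/")
    default_security = spec.get("security", [])
    endpoints = []
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # "parameters", "summary" etc. are not operations
            security = operation.get("security", default_security)
            endpoints.append((method.upper(), base + path, bool(security)))
    return endpoints


def server_mismatch(spec, api_domain):
    """Return server URLs in the spec whose host differs from api_domain's host."""
    wanted = urlsplit(api_domain).netloc.lower()
    return [s["url"] for s in spec.get("servers", [])
            if urlsplit(s["url"]).netloc.lower() != wanted]


if __name__ == "__main__":
    api_domain = "https://api.example.com/v1"  # value you would type as API Domain
    for method, url, auth in list_endpoints(SAMPLE_SPEC, api_domain):
        print(f"{method:6} {url}  {'auth' if auth else 'PUBLIC'}")
    for server in server_mismatch(SAMPLE_SPEC, api_domain):
        print(f"warning: spec servers entry {server} does not match {api_domain}")
```

Run it against your real definition before uploading: an endpoint missing from the listing will not be scanned, a PUBLIC marker on something that should require a token is a spec bug worth fixing first, and a servers mismatch usually means the file was exported from a different environment than the one you are about to scan.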

Step 4: Automatically prioritize and remediate vulnerabilities

After running your OWASP ZAP scans, view and filter security findings by team, repo, security tool, severity, and more in Jit’s backlog.
Use Jit Actions to remediate vulnerabilities in bulk by automatically creating PRs that fix groups of vulnerabilities at a time.
Automatically prioritize product security vulnerabilities with Context Engine, which uses ML to analyze runtime context to highlight security issues that introduce the highest risks.