Open source · Apache 2.0

ZeroDAST

Enterprise-style dynamic application security testing (DAST) in GitHub Actions—built on OWASP ZAP—with authenticated REST coverage, PR deltas, baselines, and operator-ready artifacts. $0, no vendor lock-in.

View on GitHub Quick start Full README

What you get

CI DAST tuned for OpenAPI-backed REST APIs and real auth (adapters, not one-off scripts).
PR scans with delta scope and bot comments; nightly full scans with rollup triage.
Hardened, privilege-isolated pipeline: artifacts, inventories, remediation hints—built for maintainers.

Why not vanilla ZAP alone?

On many real APIs, unauthenticated or misconfigured scans reach zero useful endpoints. ZeroDAST focuses on token bootstrap + headers + roles so ZAP actually exercises your API surface in CI.

For site owners & SEO

This domain is the canonical landing page for the project. Submit the sitemap in Google Search Console (property: https://alphasudo.github.io/zerodast/ or URL-prefix). The repository remains the source of truth for code and deep docs.