OWASP ZAP exposes an API, and there is a Python module for consuming it. We will use that module to learn how to write our own Ansible modules.
OWASP ZAP module
Create ZAP using Docker
For our development, let's use a Docker container to get ZAP going. Since we plan to use the API, we will run the container in headless mode:
$ docker run -u zap -p 8080:8080 -i owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
Explanation of the command
- During development, we can disable the API key: -config api.disablekey=true
- Allow access to the API from any IP: -config api.addrs.addr.name...
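The following is an added example, not code from the original text: a small check that reads a ZAP `docker run` command line and lists the options that widen access to the API, so the development command above is not reused unchanged outside a dev machine. The helper names (`parse`, `host_ip`, `audit`) and the `LOCAL_CMD` variant with its `CHANGE_ME` placeholder key are illustrative assumptions.

```python
import ipaddress
import shlex

# The development command from the text above.
DEV_CMD = (
    "docker run -u zap -p 8080:8080 -i owasp/zap2docker-stable zap.sh -daemon "
    "-host 0.0.0.0 -port 8080 -config api.disablekey=true "
    "-config api.addrs.addr.name=.* -config api.addrs.addr.regex=true"
)
# Constructed variant (hypothetical): loopback-only publish, API key left enabled.
# CHANGE_ME is a placeholder, not a real key.
LOCAL_CMD = DEV_CMD.replace("-p 8080:8080", "-p 127.0.0.1:8080:8080").replace(
    "api.disablekey=true", "api.key=CHANGE_ME"
)


def parse(cmd):
    """Return (ZAP -config settings as a dict, list of docker -p specs)."""
    argv = shlex.split(cmd)
    config, publishes = {}, []
    for flag, value in zip(argv, argv[1:]):
        if flag == "-config" and "=" in value:
            key, _, val = value.partition("=")
            config[key] = val
        elif flag in ("-p", "--publish"):
            publishes.append(value)
    return config, publishes


def host_ip(spec):
    """Host address a -p spec binds to; Docker uses all interfaces if omitted."""
    parts = spec.split("/")[0].rsplit(":", 2)
    return parts[0].strip("[]") if len(parts) == 3 and parts[0] else "0.0.0.0"


def audit(cmd):
    """List the settings that widen access to the ZAP API."""
    config, publishes = parse(cmd)
    findings = []
    if config.get("api.disablekey", "").lower() == "true":
        findings.append("API key disabled")
    if config.get("api.addrs.addr.regex") == "true" and \
            config.get("api.addrs.addr.name") in (".*", ".+"):
        findings.append("API accepts any client address")
    for spec in publishes:
        if not ipaddress.ip_address(host_ip(spec)).is_loopback:
            findings.append(f"port published beyond loopback: {spec}")
    return findings
```

Calling `audit(DEV_CMD)` reports all three settings, while `audit(LOCAL_CMD)` reports only the address allow-list, which is then reachable solely through the loopback port mapping and still requires the key.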