OWASP ZAP is a great addition to any security team's arsenal of tools. It provides complete flexibility in terms of what we can do with it and how it can fit into our setup. By combining ZAP with Jenkins, we can quickly set up a decent production-worthy continuous scanning workflow and align our process around it. Ansible allows us to install and configure all of these great tools using playbooks. This is great as it is mostly a one-time effort and then we can start seeing the results and the reports for ZAP.
Now that we are on our way to automating security tools, next we shall see the most popular vulnerability assessment tool, Nessus, and how we can build a similar workflow for vulnerability assessment for software and networks.