OWASP ZAP Security Scan and Triage
ex-security-scan-zap.osop.yaml
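# OWASP ZAP Security Scanning Pipeline
# Run ZAP scan, parse results, AI triage, create issues, notify
#
# Reviewer notes on this pipeline as a whole:
#   - zap-full-scan.py performs ACTIVE attacks (injection payloads, forced
#     browsing, etc.) against the target. Point it only at hosts you own or have
#     written authorization to test; never at production without a change window.
#   - Scanner output (evidence strings, reflected parameters, response
#     fragments) is attacker-influenced text. Every consumer of `findings`
#     downstream — the triage agent, the issue tracker, the Slack channel,
#     the dashboard — should treat it as untrusted input, not as trusted data.
---
osop_version: "2.0"
id: security-scan-zap
name: OWASP ZAP Security Scan and Triage

nodes:
  - id: run_zap_scan
    type: cli
    purpose: Run OWASP ZAP active scan against target application
    runtime:
      # The report directory is mounted read-write because ZAP writes its
      # reports into /zap/wrk. `-I` stops zap-full-scan.py from exiting
      # non-zero merely because alerts were raised; without it the step
      # "fails" on any finding and parse_results never runs.
      # The image reference is a floating tag. Pin it to a vetted digest
      # (zaproxy/zap-stable@sha256:...) so the scanner itself is not an
      # unreviewed supply-chain input that changes between runs.
      command: >-
        docker run --rm
        -v "$(pwd)/reports:/zap/wrk:rw"
        zaproxy/zap-stable zap-full-scan.py
        -t https://staging.example.com
        -r zap-report.html
        -J zap-report.json
        -I
    outputs: [scan_report_json, scan_report_html]
    # Full scans against a large app can exceed 30 minutes; on timeout the
    # reports may be partial or absent, which parse_results must tolerate.
    timeout_sec: 1800
    explain: |
      Runs a full active scan including spider, ajax spider,
      and active attack modules. Generates both JSON and HTML reports.
      The target above is a placeholder staging host; replace it with the
      authorized target for this pipeline and keep it out of production.

  - id: parse_results
    type: cli
    purpose: Parse ZAP JSON report and extract findings by severity
    runtime:
      # scripts/parse_zap_results.py is not part of this file. It consumes
      # scanner-produced JSON whose string fields may carry arbitrary content
      # from the scanned app's responses — NOTE(review): confirm it does not
      # eval/exec or shell out on those values.
      command: >-
        python scripts/parse_zap_results.py
        --input reports/zap-report.json
        --output reports/findings.json
    inputs: [scan_report_json]
    outputs: [findings, severity_summary]

  - id: triage_findings
    type: agent
    purpose: AI-assisted triage of security findings for false positives
    runtime:
      provider: anthropic
      model: claude-sonnet-4-20250514
    # Only `findings` is passed in; the explain text below mentions
    # "application context", but no such input exists in this definition.
    # NOTE(review): either wire a context input or drop the claim.
    inputs: [findings]
    outputs: [triaged_findings, false_positive_list]
    explain: |
      The agent reviews each finding against the application context,
      filters likely false positives, prioritizes real vulnerabilities,
      and suggests remediation steps for confirmed issues.

      Security caveats for this node:
      - Finding text originates from the scanned application's responses,
        so a page under attacker influence can embed instructions aimed at
        the triage model (prompt injection) to have a real issue classed as
        a false positive. Treat false_positive_list as a suggestion, not a
        decision; it is surfaced to the security channel for human review
        and must not be the only place a dismissed finding is visible.
      - Findings (URLs, parameters, evidence snippets) are sent to an
        external model provider. Confirm that is acceptable for the data
        the target may expose before running this against sensitive apps.

  - id: create_issues
    type: api
    purpose: Create GitHub issues for confirmed security findings
    runtime:
      endpoint: github-issues
      method: POST
      # Hard-coded repository. If this repository is public, an issue per
      # finding publicly discloses unpatched vulnerabilities; use a private
      # repo or GitHub security advisories instead. Issue bodies built from
      # scanner evidence should be escaped as literal text (markdown injection).
      url: "https://api.github.com/repos/org/app/issues"
    inputs: [triaged_findings]
    outputs: [issue_urls]
    security:
      # Scope the token to issues:write on this one repository only.
      credentials_source: env_var

  - id: notify_security_team
    type: api
    purpose: Send security scan summary to the security team channel
    runtime:
      endpoint: slack-webhook
      method: POST
      # The webhook URL is a secret (anyone holding it can post to the
      # channel); keep it templated from a secret store and out of run logs.
      url: "{{SECURITY_SLACK_WEBHOOK}}"
    # NOTE(review): issue_urls is produced by create_issues, but this node
    # is scheduled in parallel from triage_findings (see edges) and
    # create_issues is conditional — issue_urls may be unset or stale when
    # this runs. See the edge comment below.
    inputs: [severity_summary, issue_urls, false_positive_list]

  - id: update_dashboard
    type: api
    purpose: Push scan metrics to security dashboard
    runtime:
      endpoint: metrics
      method: POST
      # Receives full triaged findings, not just counts. NOTE(review): unlike
      # create_issues no credentials_source is declared here — confirm how
      # this endpoint authenticates and that it is reachable only over TLS
      # from the pipeline's network.
      url: "https://security-dashboard.internal/api/scans"
    inputs: [severity_summary, triaged_findings]

edges:
  - from: run_zap_scan
    to: parse_results
    mode: sequential
  - from: parse_results
    to: triage_findings
    mode: sequential
  - from: triage_findings
    to: create_issues
    mode: conditional
    condition: "triaged_findings.confirmed_count > 0"
  # NOTE(review): notify_security_team lists issue_urls as an input, but it
  # runs in parallel with create_issues rather than after it, and
  # create_issues is skipped when confirmed_count == 0. Either make this
  # edge depend on create_issues (accepting that clean runs then skip the
  # notification, as update_dashboard already does) or drop issue_urls from
  # the notification inputs. Left unchanged here because the runner's
  # behaviour for missing parallel inputs is not visible from this file.
  - from: triage_findings
    to: notify_security_team
    mode: parallel
  # update_dashboard only runs when create_issues ran, i.e. when at least
  # one confirmed finding exists; scans with zero confirmed findings are
  # never recorded on the dashboard.
  - from: create_issues
    to: update_dashboard
    mode: sequential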