The new Automation Framework will in time replace the Command Line and Packaged Scan options. It allows you to control ZAP via one YAML file and provides more flexibility while not being tied to any specific container technology.
To use the Automation Framework with ZAP 2.10.0 install the Automation Framework add-on and update the rest of the add-ons that you have installed. The framework is plugable and many of the existing add-ons have been enhanced to support it. It is included in the latest weekly releases.
For details of how to get started with the framework see the main framework help page.
The full set of jobs currently supported by the framework are:
- activeScan - runs the active scanner
- addons - add-on management
- alertFilter - alert filter configuration, provided with the Alert Filters add-on
- graphql - GraphQL schema import, provided with the GraphQL add-on
- openapi - OpenAPI definition import, provided with the OpenAPI add-on
- passiveScan-config - passive scan configuration
- passiveScan-wait - waits for the passive scanner to finish processing the current queue
- report - report generation, provided with the Report Generation add-on
- requestor - send specific requests to targets
- soap - SOAP WSDL import, provided with the SOAP add-on
- spider - runs the traditional spider
- spiderAjax - runs the ajax spider, provided with the Ajax Spider add-on
For details of future changes planned see the tracker issue.