ZAP includes a runtime Software Bill of Materials (SBOM) generated by CycloneDX for both the ZAP core and all of the add-ons maintained by the ZAP team. Each SBOM will appear as a file called “bom.json” included at the root of the ZAP JARs.
Note that SBOMs may not be available if you run ZAP from the source code, and some 3rd party add-ons may also not define them.
A zip file containing all of the available SBOM files can be generated via the following options. The ZAP core SBOM file will be called “zap-core-bom.json” and the add-on SBOM files will be called “<addon-id>-bom.json”.
The Help menu “Support Info…” dialog “Save SBOM zip…” button.
The “-sbomzip” Command Line option.
The core “createSbomZip” API action.
|for an overview of the user interface
|provided by ZAP