Download

Software Bill of Materials

ZAP includes a runtime Software Bill of Materials (SBOM) generated by CycloneDX for both the ZAP core and all of the add-ons maintained by the ZAP team. Each SBOM will appear as a file called “bom.json” included at the root of the ZAP JARs.

Runtime SBOMs for the ZAP core and the add-ons you have installed can be accessed in ZAP as per the Software Bill of Materials help page.

Note that SBOMs may not be available if you run ZAP from the source code, and some 3rd party add-ons may also not define them.

The full set of available build time add-on SBOMs are:

Name Components
Access Control Testing Add-on SBOM 133
Active scanner rules (alpha) Add-on SBOM 151
Active scanner rules (beta) Add-on SBOM 167
Active scanner rules Add-on SBOM 169
Advanced SQLInjection Scanner Add-on SBOM 134
Ajax Spider Add-on SBOM 198
Alert Filters Add-on SBOM 136
Authentication Helper Add-on SBOM 263
Automation Framework Add-on SBOM 133
Call Home Add-on SBOM 119
Client Side Integration Add-on SBOM 206
Common Library Add-on SBOM 132
Custom Payloads Add-on SBOM 134
Database Add-on SBOM 135
Dev Add-on Add-on SBOM 129
Diff Add-on SBOM 87
Directory List v1.0 Add-on SBOM 65
DOM XSS Active scanner rule Add-on SBOM 189
Encoder Add-on SBOM 133
Eval Villain Add-on SBOM 61
Forced Browse Add-on SBOM 134
Foxhound ZAP Add-on Add-on SBOM 192
FuzzAI Files Add-on SBOM 60
Fuzzer Add-on SBOM 133
Getting Started with ZAP Guide Add-on SBOM 72
GraalVM JavaScript Add-on SBOM 152
GraphQL Support Add-on SBOM 159
Groovy Support Add-on SBOM 194
gRPC Support Add-on SBOM 134
HTTPS Info Add-on SBOM 139
Image Location and Privacy Scanner Add-on SBOM 135
Import/Export Add-on SBOM 138
Insights Add-on SBOM 166
Invoke Applications Add-on SBOM 86
Linux WebDrivers Add-on SBOM 71
macOS WebDrivers Add-on SBOM 71
MCP Integration Add-on SBOM 183
Network Add-on SBOM 114
OAST Support Add-on SBOM 167
Online menus Add-on SBOM 72
OpenAPI Support Add-on SBOM 244
Parameter Digger Add-on SBOM 118
Passive Scanner Add-on SBOM 135
Passive scanner rules (alpha) Add-on SBOM 134
Passive scanner rules (beta) Add-on SBOM 134
Passive scanner rules Add-on SBOM 142
Postman Support Add-on SBOM 135
Python Scripting Add-on SBOM 120
Quick Start Add-on SBOM 242
Replacer Add-on SBOM 134
Report Generation Add-on SBOM 167
Requester Add-on SBOM 133
Retest Add-on SBOM 124
Retire.js Add-on SBOM 135
Reveal Add-on SBOM 114
Revisit Add-on SBOM 66
SAML Support Add-on SBOM 79
Scan Policies Add-on SBOM 71
Script Console Add-on SBOM 135
Selenium Add-on SBOM 179
Sequence Add-on SBOM 197
Server-Sent Events Add-on SBOM 107
SOAP Support Add-on SBOM 165
Spider Add-on SBOM 150
Technology Detection Add-on SBOM 138
Tips and Tricks Add-on SBOM 72
Token Generation and Analysis Add-on SBOM 120
Value Generator Add-on SBOM 134
WebSockets Add-on SBOM 139
Windows WebDrivers Add-on SBOM 71
Zest - Graphical Security Scripting Language Add-on SBOM 195