Software Bill of Materials

ZAP includes a runtime Software Bill of Materials (SBOM) generated by CycloneDX for both the ZAP core and all of the add-ons maintained by the ZAP team. Each SBOM will appear as a file called “bom.json” included at the root of the ZAP JARs.

Runtime SBOMs for the ZAP core and the add-ons you have installed can be accessed in ZAP as per the Software Bill of Materials help page.

Note that SBOMs may not be available if you run ZAP from the source code, and some 3rd party add-ons may also not define them.

The full set of available build time add-on SBOMs are:

Name Components
Access Control Testing Add-on SBOM 119
Active scanner rules (alpha) Add-on SBOM 119
Active scanner rules (beta) Add-on SBOM 143
Active scanner rules Add-on SBOM 145
Ajax Spider Add-on SBOM 189
Alert Filters Add-on SBOM 120
Authentication Helper Add-on SBOM 185
Automation Framework Add-on SBOM 120
Call Home Add-on SBOM 107
Client Side Integration Add-on SBOM 185
Common Library Add-on SBOM 119
Custom Payloads Add-on SBOM 105
Database Add-on SBOM 117
Dev Add-on Add-on SBOM 98
Diff Add-on SBOM 74
Directory List v1.0 Add-on SBOM 60
DOM XSS Active scanner rule Add-on SBOM 182
Encoder Add-on SBOM 119
Forced Browse Add-on SBOM 119
Fuzzer Add-on SBOM 124
Getting Started with ZAP Guide Add-on SBOM 60
GraalVM JavaScript Add-on SBOM 132
GraphQL Support Add-on SBOM 137
Groovy Support Add-on SBOM 165
gRPC Support Add-on SBOM 116
Image Location and Privacy Scanner Add-on SBOM 121
Import/Export Add-on SBOM 120
Invoke Applications Add-on SBOM 73
Linux WebDrivers Add-on SBOM 122
MacOS WebDrivers Add-on SBOM 122
Network Add-on SBOM 102
OAST Support Add-on SBOM 141
Online menus Add-on SBOM 60
OpenAPI Support Add-on SBOM 175
Passive scanner rules (alpha) Add-on SBOM 120
Passive scanner rules (beta) Add-on SBOM 120
Passive scanner rules Add-on SBOM 122
Postman Support Add-on SBOM 120
Python Scripting Add-on SBOM 120
Quick Start Add-on SBOM 194
Replacer Add-on SBOM 120
Report Generation Add-on SBOM 134
Requester Add-on SBOM 119
Retest Add-on SBOM 120
Retire.js Add-on SBOM 120
Reveal Add-on SBOM 60
Revisit Add-on SBOM 63
Script Console Add-on SBOM 122
Selenium Add-on SBOM 170
Sequence Add-on SBOM 63
Server-Sent Events Add-on SBOM 107
SOAP Support Add-on SBOM 147
Spider Add-on SBOM 132
Technology Detection Add-on SBOM 124
Tips and Tricks Add-on SBOM 60
Value Generator Add-on SBOM 107
WebSockets Add-on SBOM 126
Windows WebDrivers Add-on SBOM 122
Zest - Graphical Security Scripting Language Add-on SBOM 185