Software Bill of Materials

ZAP includes a runtime Software Bill of Materials (SBOM) generated by CycloneDX for both the ZAP core and all of the add-ons maintained by the ZAP team. Each SBOM will appear as a file called “bom.json” included at the root of the ZAP JARs.

Runtime SBOMs for the ZAP core and the add-ons you have installed can be accessed in ZAP as per the Software Bill of Materials help page.

Note that SBOMs may not be available if you run ZAP from the source code, and some 3rd party add-ons may also not define them.

The full set of available build time add-on SBOMs are:

Name Components
Access Control Testing Add-on SBOM 119
Active scanner rules (alpha) Add-on SBOM 129
Active scanner rules (beta) Add-on SBOM 155
Active scanner rules Add-on SBOM 156
Advanced SQLInjection Scanner Add-on SBOM 83
Ajax Spider Add-on SBOM 194
Alert Filters Add-on SBOM 131
Authentication Helper Add-on SBOM 238
Automation Framework Add-on SBOM 129
Call Home Add-on SBOM 111
Client Side Integration Add-on SBOM 182
Common Library Add-on SBOM 128
Custom Payloads Add-on SBOM 124
Database Add-on SBOM 130
Dev Add-on Add-on SBOM 129
Diff Add-on SBOM 80
Directory List v1.0 Add-on SBOM 65
DOM XSS Active scanner rule Add-on SBOM 185
Encoder Add-on SBOM 129
Eval Villain Add-on SBOM 61
Forced Browse Add-on SBOM 124
FuzzAI Files Add-on SBOM 60
Fuzzer Add-on SBOM 133
Getting Started with ZAP Guide Add-on SBOM 65
GraalVM JavaScript Add-on SBOM 137
GraphQL Support Add-on SBOM 154
Groovy Support Add-on SBOM 165
gRPC Support Add-on SBOM 134
Image Location and Privacy Scanner Add-on SBOM 131
Import/Export Add-on SBOM 133
Invoke Applications Add-on SBOM 79
Linux WebDrivers Add-on SBOM 127
MacOS WebDrivers Add-on SBOM 127
Network Add-on SBOM 109
OAST Support Add-on SBOM 157
Online menus Add-on SBOM 65
OpenAPI Support Add-on SBOM 185
Parameter Digger Add-on SBOM 118
Passive Scanner Add-on SBOM 130
Passive scanner rules (alpha) Add-on SBOM 130
Passive scanner rules (beta) Add-on SBOM 130
Passive scanner rules Add-on SBOM 132
Postman Support Add-on SBOM 124
Python Scripting Add-on SBOM 120
Quick Start Add-on SBOM 195
Replacer Add-on SBOM 124
Report Generation Add-on SBOM 145
Requester Add-on SBOM 124
Retest Add-on SBOM 124
Retire.js Add-on SBOM 129
Reveal Add-on SBOM 114
Revisit Add-on SBOM 66
Scan Policies Add-on SBOM 66
Script Console Add-on SBOM 132
Selenium Add-on SBOM 176
Sequence Add-on SBOM 189
Server-Sent Events Add-on SBOM 107
SOAP Support Add-on SBOM 159
Spider Add-on SBOM 144
Technology Detection Add-on SBOM 134
Tips and Tricks Add-on SBOM 65
Value Generator Add-on SBOM 124
WebSockets Add-on SBOM 135
Windows WebDrivers Add-on SBOM 127
Zest - Graphical Security Scripting Language Add-on SBOM 184