At Banzai Cloud we use our dast-operator, which leverages OWASP ZAP to run baseline scans against the services we deploy on the K8s cluster. The operator deploys OWASP ZAP to the cluster and initiates automated security testing of web applications and APIs based on OpenAPI definitions. Besides starting scans against a service, the operator can prevent a vulnerable service from being exposed to the outside. This prevention mechanism is based on the built-in admission controller, which watches Ingress resources: it checks the backend services of the Ingress and makes its decision depending on the results of the OWASP ZAP scans.
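
The admission decision described above, as an added Go example (not dast-operator's own code): it collects the backend Services named by an Ingress and denies admission when any of them has no scan or is over the alert limits. `ScanResult`, `ReviewIngress`, the alert counts and threshold, the fail-closed policy and the name-keyed scan map (a single namespace) are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of networking.k8s.io/v1 Ingress; encoding/json matches keys case-insensitively.
type svcRef struct{ Service *struct{ Name string } }
type ingress struct {
	Spec struct {
		DefaultBackend *svcRef
		Rules          []struct{ HTTP *struct{ Paths []struct{ Backend svcRef } } }
	}
}
// ScanResult is a hypothetical per-Service summary of a finished ZAP scan.
type ScanResult struct{ High, Medium int }

// ReviewIngress admits only if every backend Service has a scan within limits (assumed fail-closed policy).
func ReviewIngress(raw []byte, scans map[string]ScanResult, maxMedium int) (bool, string) {
	var ing ingress
	if err := json.Unmarshal(raw, &ing); err != nil {
		return false, "cannot parse ingress: " + err.Error()
	}
	var refs []svcRef
	if ing.Spec.DefaultBackend != nil {
		refs = append(refs, *ing.Spec.DefaultBackend)
	}
	for _, r := range ing.Spec.Rules {
		for i := 0; r.HTTP != nil && i < len(r.HTTP.Paths); i++ {
			refs = append(refs, r.HTTP.Paths[i].Backend)
		}
	}
	for _, b := range refs {
		if b.Service == nil {
			continue // resource backend: no Service to look up
		}
		if res, ok := scans[b.Service.Name]; !ok {
			return false, fmt.Sprintf("service %q has no completed scan", b.Service.Name)
		} else if res.High > 0 || res.Medium > maxMedium {
			return false, fmt.Sprintf("service %q is over the alert threshold", b.Service.Name)
		}
	}
	return true, "all backend services passed their scan"
}

// Constructed sample: one rule routing to a Service named "shop".
const sampleIngress = `{"spec":{"rules":[{"http":{"paths":[{"backend":{"service":{"name":"shop"}}}]}}]}}`
func main() { fmt.Println(ReviewIngress([]byte(sampleIngress), map[string]ScanResult{"shop": {Medium: 1}}, 2)) }
```

In a real validating webhook the boolean and reason would populate the `allowed` and `status.message` fields of the AdmissionReview response.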