Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
By Sarah Gooding - Sep 20, 2024
@saucelabs/zap
Advanced tools
Sauce Labs OWASP ZAP Node API 
The NodeJS implementation to access the OWASP ZAP API in Sauce Labs. This is a "Labs" project and for experimental use only.
Install
npm install @saucelabs/zap
Usage
Sauce Labs provides OWASP Zap instances in the cloud for you to use. You only need to authenticate with your Sauce account to access the API. Currently only the australia-southeast1 region is supported.
import SauceZAP from '@saucelabs/zap'
;(async () => {
const zaproxy = new SauceZAP({
user: process.env.SAUCE_USERNAME,
key: process.env.SAUCE_ACCESS_KEY,
region: 'apac' // only supported region so far
});
/**
* initiate cloud session (no other command will be accessible before)
*/
await zaproxy.session.newSession({ commandTimeout: 1000 * 60 })
/**
* run ZAP commands
*/
const { scan } = await zaproxy.spider.scan({ url: 'https://saucedemo.com' })
// ...
/**
* delete session
*/
await zaproxy.session.deleteSession()
})().catch(console.error)
Note: you can find a complete example in /examples/spider.ts
Attach to an Existing Session
If you already have a session running and you want to attach to it, you can do that by passing in the desired session id, e.g.:
const zaproxy = new SauceZAP({
user: process.env.SAUCE_USERNAME,
key: process.env.SAUCE_ACCESS_KEY,
region: 'apac',
sessionId: 'a71199b9-6016-4abd-a582-5b14f965a413'
});
/**
* no `newSession` call needed, you can immeditially run commands
*/
const { scan } = await zaproxy.spider.scan({ url: 'https://saucedemo.com' })
API
For a full API list, see https://www.zaproxy.org/docs/api. The Node API methods have the same signature as the API documentation.
Getting Help
For help using the OWASP ZAP API refer to:
- API Documentation;
- OWASP ZAP User Group - for asking questions;
For specific help with this Node API, contact @christian-bromann (the maintainer).
Issues
To report issues related to the OWASP ZAP Node API, bugs and enhancements requests, use the issue tracker of the main OWASP ZAP project.
FAQs
OWASP ZapProxy bindings for Node.js
We found that @saucelabs/zap demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 32 open source maintainers collaborating on the project.
Package last updated on 06 Oct 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Understanding License Exceptions: What Developers Need to Know
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
By Sarah Gooding - Sep 20, 2024
Security News
Developer Accuses Tencent of Copyright Violation After Python Utility’s License Changed from GPLv3 to BSD
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.
By Sarah Gooding - Sep 18, 2024