security-zap-scan

OWASP ZAP Baseline Security Scan

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "security-zap-scan" with this command: npx skills add codyswanngt/lisa/codyswanngt-lisa-security-zap-scan

Run a ZAP baseline security scan against the local application.

Workflow

Check prerequisites:

  • Verify Docker is installed and running: docker info

  • Check if scripts/zap-baseline.sh exists in the project

Execute scan:

  • If the script exists, run: bash scripts/zap-baseline.sh

  • If the script does not exist, inform the user that this project does not have a ZAP baseline scan configured

Analyze results:

  • After the scan completes, read zap-report.html (or zap-report.md for text)

  • Summarize findings:

      • Total number of alerts by risk level (High, Medium, Low, Informational)

      • List each Medium+ finding with its rule ID, name, and recommended fix

      • Categorize findings as "infrastructure-level" (fix at CDN/proxy) vs "application-level" (fix in code)

Handle failures:

  • If the scan failed, explain what failed and suggest concrete remediation steps
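
One way to carry out the "Analyze results" step programmatically, as an added example that is not part of the upstream SKILL.md or the project's scripts. It assumes the scan also produced ZAP's JSON report (the page itself names only zap-report.html and zap-report.md); the sample report is constructed, and the INFRA_RULES mapping of header-only rule IDs to "infrastructure-level" is an illustrative assumption.

```python
import re
from collections import Counter

RISK = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}

# Assumption: rules that only concern missing response headers can be fixed
# at the CDN/proxy; everything else is treated as an application-level fix.
INFRA_RULES = {"10020", "10021", "10035", "10038"}

# Constructed sample in the layout of ZAP's JSON report (site -> alerts).
SAMPLE_REPORT = {"site": [{"@name": "http://localhost:3000", "alerts": [
    {"pluginid": "10038", "name": "Content Security Policy (CSP) Header Not Set",
     "riskcode": "2", "solution": "<p>Set the Content-Security-Policy header.</p>"},
    {"pluginid": "10202", "name": "Absence of Anti-CSRF Tokens",
     "riskcode": "2", "solution": "<p>Use a vetted anti-CSRF library.</p>"},
    {"pluginid": "10021", "name": "X-Content-Type-Options Header Missing",
     "riskcode": "1", "solution": "<p>Set X-Content-Type-Options: nosniff.</p>"},
    {"pluginid": "10027", "name": "Information Disclosure - Suspicious Comments",
     "riskcode": "0", "solution": "<p>Remove revealing comments.</p>"},
]}]}


def summarize(report):
    """Return (alert counts by risk level, list of Medium+ findings)."""
    counts = Counter({name: 0 for name in RISK.values()})
    findings = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            code = str(alert.get("riskcode", "0"))
            counts[RISK.get(code, "Informational")] += 1
            if code not in ("2", "3"):
                continue  # only Medium and High are listed individually
            rule = str(alert.get("pluginid", ""))
            findings.append({
                "rule_id": rule,
                "name": alert.get("name") or alert.get("alert", ""),
                "risk": RISK[code],
                # ZAP wraps the solution text in HTML paragraphs; strip the tags.
                "fix": re.sub(r"<[^>]+>", "", alert.get("solution", "")).strip(),
                "layer": ("infrastructure-level" if rule in INFRA_RULES
                          else "application-level"),
            })
    findings.sort(key=lambda f: (f["risk"] != "High", f["rule_id"]))
    return dict(counts), findings


if __name__ == "__main__":
    counts, findings = summarize(SAMPLE_REPORT)
    print(counts)
    for f in findings:
        print(f'{f["risk"]:6} {f["rule_id"]} {f["name"]} [{f["layer"]}] -> {f["fix"]}')
```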

Execution

Run the scan now.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
