security-zap-scan
OWASP ZAP Baseline Security Scan
Run a ZAP baseline security scan against the local application.
Workflow
- Check prerequisites:
  - Verify Docker is installed and running: docker info
  - Check if scripts/zap-baseline.sh exists in the project
- Execute scan:
  - If the script exists, run: bash scripts/zap-baseline.sh
  - If the script does not exist, inform the user that this project does not have a ZAP baseline scan configured
- Analyze results:
  - After the scan completes, read zap-report.html (or zap-report.md for text)
  - Summarize findings:
    - Total number of alerts by risk level (High, Medium, Low, Informational)
    - List each Medium+ finding with its rule ID, name, and recommended fix
    - Categorize findings as "infrastructure-level" (fix at CDN/proxy) vs "application-level" (fix in code)
- Handle failures:
  - If the scan failed, explain what failed and suggest concrete remediation steps
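The workflow above, carried through as an added Python helper; this is example code, not part of the skill or the lisa project. It assumes the scan script lives at scripts/zap-baseline.sh as the skill states, that the script is configured to also write ZAP's JSON report (the -J option of zap-baseline.py) so the summary can be built from structured data rather than the HTML report, and that the small set of plugin IDs treated as "infrastructure-level" is a starting heuristic chosen here, not a ZAP-defined list. The sample report embedded at the bottom is constructed, not real scan output.

```python
"""Prerequisite check, scan execution and result summary for a ZAP baseline scan.
Added example; assumptions are marked inline."""
import json
import shutil
import subprocess
from collections import Counter
from pathlib import Path

SCAN_SCRIPT = Path("scripts/zap-baseline.sh")   # path taken from the skill text
JSON_REPORT = Path("zap-report.json")           # assumed: script passes -J zap-report.json
RISK_NAMES = {"3": "High", "2": "Medium", "1": "Low", "0": "Informational"}

# Assumed heuristic: passive-scan rules about response headers are normally
# fixed at the CDN/reverse proxy; everything else defaults to application code.
INFRA_PLUGINS = {"10020", "10021", "10035", "10036", "10037", "10038"}


def check_prerequisites(which=shutil.which, run=subprocess.run, script=SCAN_SCRIPT):
    """Return (ok, reason). `which` and `run` are injectable so the check is testable offline."""
    if which("docker") is None:
        return False, "docker is not installed"
    try:
        proc = run(["docker", "info"], capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return False, f"docker info failed: {exc}"
    if proc.returncode != 0:
        return False, "docker daemon is not running"
    if not script.exists():
        return False, "this project does not have a ZAP baseline scan configured"
    return True, "ok"


def run_scan(run=subprocess.run, script=SCAN_SCRIPT):
    """Run the baseline script. zap-baseline.py exits 0 (pass), 1 (FAIL alerts),
    2 (WARN alerts only) or 3 (scan itself failed); anything else is the shell."""
    proc = run(["bash", str(script)], capture_output=True, text=True)
    return proc.returncode, (proc.stdout or "") + (proc.stderr or "")


def summarize(report: dict) -> dict:
    """Count alerts per risk level and list Medium+ findings with a fix category.
    Follows the layout of ZAP's JSON report: site[] -> alerts[] with pluginid,
    alert, riskcode and solution fields."""
    counts = Counter()
    medium_plus = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            risk = RISK_NAMES.get(str(alert.get("riskcode")), "Unknown")
            counts[risk] += 1
            if risk in ("High", "Medium"):
                plugin = str(alert.get("pluginid", ""))
                medium_plus.append({
                    "rule_id": plugin,
                    "name": alert.get("alert") or alert.get("name", ""),
                    "risk": risk,
                    "fix": (alert.get("solution") or "").strip(),
                    "level": "infrastructure-level" if plugin in INFRA_PLUGINS
                             else "application-level",
                })
    return {"counts": dict(counts), "medium_plus": medium_plus}


def render(summary: dict) -> str:
    """Plain-text report in the order the skill asks for."""
    lines = ["Alerts by risk level:"]
    for level in ("High", "Medium", "Low", "Informational"):
        lines.append(f"  {level}: {summary['counts'].get(level, 0)}")
    lines.append("Medium+ findings:")
    for f in summary["medium_plus"]:
        lines.append(f"  [{f['risk']}] {f['rule_id']} {f['name']} ({f['level']}): {f['fix']}")
    return "\n".join(lines)


# Constructed sample in the JSON report layout; the rule IDs are ZAP passive-scan
# IDs, the remaining values are made up for the example.
SAMPLE_REPORT = {"site": [{"@name": "http://localhost:3000", "alerts": [
    {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
     "riskcode": "2", "solution": "Set a Content-Security-Policy header at the proxy."},
    {"pluginid": "10202", "alert": "Absence of Anti-CSRF Tokens",
     "riskcode": "2", "solution": "Add anti-CSRF tokens to state-changing forms."},
    {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
     "riskcode": "1", "solution": "Set X-Content-Type-Options: nosniff."},
    {"pluginid": "10015", "alert": "Cache-control directives need review",
     "riskcode": "0", "solution": "Review Cache-Control on sensitive responses."},
]}]}


if __name__ == "__main__":
    ok, reason = check_prerequisites()
    if not ok:
        print(f"Scan not run: {reason}")
    else:
        code, output = run_scan()
        if code == 3 or not JSON_REPORT.exists():
            print(f"Scan failed (exit {code}); last output:\n{output[-2000:]}")
        else:
            print(render(summarize(json.loads(JSON_REPORT.read_text()))))
```

Exit code 1 or 2 from the script is a completed scan with findings, so the report is still summarized; only exit 3 (or a missing report file) is treated as the "scan failed" branch of the workflow.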
Execution
Run the scan now.
More from codyswanngt/lisa