security-zap-scan

SKILL.md

OWASP ZAP Baseline Security Scan

Run a ZAP baseline security scan against the local application.

Workflow

  1. Check prerequisites:
    • Verify Docker is installed and running: docker info
    • Check if scripts/zap-baseline.sh exists in the project
  2. Execute scan:
    • If the script exists, run: bash scripts/zap-baseline.sh
    • If the script does not exist, inform the user that this project does not have a ZAP baseline scan configured
  3. Analyze results:
    • After the scan completes, read zap-report.html (or zap-report.md for text)
    • Summarize findings:
      • Total number of alerts by risk level (High, Medium, Low, Informational)
      • List each Medium+ finding with its rule ID, name, and recommended fix
      • Categorize findings as "infrastructure-level" (fix at CDN/proxy) vs "application-level" (fix in code)
  4. Handle failures:
    • If the scan failed, explain what failed and suggest concrete remediation steps
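An added example (not part of this skill or of ZAP) of the analysis in step 3: it takes a ZAP report in ZAP's JSON shape, totals alerts per risk level, lists every Medium+ finding with rule ID, name and recommended fix, and tags each as infrastructure-level or application-level. Assumptions: the skill names only the HTML and Markdown reports, so having the JSON report available is assumed; the plugin-ID set used for the infrastructure/application split is a starting heuristic, and the sample report is constructed.

```python
"""Summarize a ZAP baseline report: totals by risk, Medium+ findings, infra vs app scope."""
from collections import Counter

RISK_NAMES = {"3": "High", "2": "Medium", "1": "Low", "0": "Informational"}

# Passive rules about missing or leaky response headers: fixed at the CDN or reverse proxy
# rather than in code. Starting heuristic (assumption); extend it per project.
INFRA_RULE_IDS = {"10020", "10021", "10035", "10036", "10038"}

def summarize(report: dict) -> dict:
    """Alert totals per risk level plus every Medium+ finding with rule ID, name, fix and scope."""
    alerts = [a for site in report.get("site", []) for a in site.get("alerts", [])]
    totals = Counter(RISK_NAMES.get(str(a.get("riskcode")), "Unknown") for a in alerts)
    findings = [
        {
            "rule_id": a["pluginid"],
            "name": a["alert"],
            "risk": RISK_NAMES[str(a["riskcode"])],
            "fix": " ".join(a.get("solution", "").split()),  # collapse multi-line solution text
            "scope": "infrastructure-level" if a["pluginid"] in INFRA_RULE_IDS else "application-level",
        }
        for a in alerts
        if int(a.get("riskcode", 0)) >= 2  # Medium (2) and High (3) only
    ]
    findings.sort(key=lambda f: (f["risk"] != "High", f["rule_id"]))  # High first, then by rule ID
    return {"totals": {lvl: totals.get(lvl, 0) for lvl in RISK_NAMES.values()}, "findings": findings}

def render(summary: dict) -> str:
    """Format the summary as the plain-text digest step 3 asks for."""
    lines = ["Alerts by risk: " + ", ".join(f"{k}={v}" for k, v in summary["totals"].items())]
    for f in summary["findings"]:
        lines.append(f"[{f['risk']}] {f['rule_id']} {f['name']} ({f['scope']}) -> {f['fix']}")
    return "\n".join(lines)

# Constructed sample shaped like ZAP's JSON report; riskcode 3..0 map to High..Informational.
SAMPLE_REPORT = {"site": [{"@name": "http://localhost:3000", "alerts": [
    {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set", "riskcode": "2",
     "solution": "Configure the web server or load balancer to set the Content-Security-Policy header."},
    {"pluginid": "90022", "alert": "Application Error Disclosure", "riskcode": "2",
     "solution": "Return a generic error page and log details server-side."},
    {"pluginid": "10010", "alert": "Cookie No HttpOnly Flag", "riskcode": "1",
     "solution": "Set the HttpOnly flag on all cookies."},
]}]}

if __name__ == "__main__":
    print(render(summarize(SAMPLE_REPORT)))
```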

Execution

Run the scan now.

Weekly Installs: 21
GitHub Stars: 1
First Seen: Feb 10, 2026
Installed on: codex (21), amp (20), github-copilot (20), kimi-cli (20), gemini-cli (20), opencode (20)