All integrations
DAST

OWASP ZAP integration

Export the ZAP scan report as XML and upload it against the OWASP source. Alerts are imported per site with CWE and risk-code mapping.

Scan types imported

  • Active and passive web application scan alerts

File import

XML

The template walks one alertitem per finding under each scanned site.

What Centraleyezer expects in the file

  • Per alert: alert name, description, solution, other info, CWE ID and risk code (0–3), which drives risk scoring.
  • Web assets are matched by the site name/URL.

How imported findings are risk-scored

Every OWASP ZAP finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the OWASP ZAP integration live

Book a demo and we’ll connect your OWASP ZAP data and walk through risk-based prioritisation on your own findings.

OWASP ZAP Integration — Setup & Imported Scan Types