
Tsun
Developer-first DAST CLI powered by OWASP ZAP
Details
- Categories: Developer Tools, Analytics & Monitoring
- Use Cases: Testing & QA, CI/CD, Code Development
- Target Audience: Developers, DevOps Engineers, Small Businesses
- Platforms: CLI
About Tsun
Tsun is a CLI-first Dynamic Application Security Testing (DAST) tool built on top of OWASP ZAP, designed for small SaaS teams that want real security scanning without enterprise overhead. It runs authenticated scans locally or in CI with predictable runtimes, sane defaults, and low noise — so engineers actually keep it enabled.
Key features:
- Authenticated scans (headers, cookies, login hooks)
- CI-friendly profiles with time and URL caps
- Baseline comparisons to show what changed
- JSON, HTML, and SARIF output (GitHub Code Scanning ready)
- Fully local execution — no SaaS account required
The core CLI is free and open-source. Pro adds baselines, deep scans, and workflow guardrails for teams that want cleaner CI and less noise. Built by a security engineer for developers who want ZAP-level power without heavyweight platforms.
Product Insights
Tsun provides a CLI-first DAST solution for localized and CI-integrated security testing based on OWASP ZAP. It enables authenticated vulnerability scanning across multiple formats without requiring a SaaS account or complex infrastructure.
- Native support for authenticated scans via headers, cookies, and login hooks.
- Localized execution ensures data privacy and eliminates external SaaS dependencies.
- Integrated baseline comparisons to identify security regressions during development.
- Standardized output formats including SARIF for seamless GitHub Code Scanning integration.
Ideal for: Developers and DevOps engineers at small businesses needing to integrate predictable DAST scanning into their local workflows or CI/CD pipelines.