Integrating Noir into Your DAST Pipeline

Integrate Noir into your DAST pipeline to ensure security tools test all application endpoints.

Integrating with a Proxy Tool

Use Noir's deliver feature to send discovered endpoints to a proxy like OWASP ZAP, Burp Suite, or Caido.

    noir -b . -u http://localhost:3000 --send-proxy "http://localhost:8080"

This scans the current directory, constructs URLs using http://localhost:3000 as the base, and sends all endpoints to the proxy at http://localhost:8080.

Integrating with ZAP Automation

Generate an OpenAPI specification with Noir and feed it into ZAP's automation framework.

  1. Discover Endpoints:

    noir -b ~/app_source -f oas3 --no-log -o doc.json
    
  2. Run ZAP Scan:

    ./zap.sh -openapifile ./doc.json \
        -openapitargeturl <TARGET> \
        -cmd -autorun zap.yaml <any other ZAP options>
    

For more details, see the ZAP blog post: Powering Up DAST with ZAP and Noir.
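
A pre-flight check that could run between the two steps above, as an added example that is not part of Noir or ZAP: it lists the operations in the generated doc.json and fails when the file has none, so an empty spec does not pass as a clean scan. It assumes the file follows the standard OpenAPI 3 layout (`openapi`, `paths`); the function names and the sample document are constructed for illustration.

```python
import json
import sys

# Keys of an OpenAPI 3 path item that denote operations; other keys
# (parameters, summary, servers, ...) are not endpoints.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def extract_operations(spec):
    """Return a sorted list of (METHOD, path) pairs from an OpenAPI 3 document."""
    ops = []
    for path, item in (spec.get("paths") or {}).items():
        if not isinstance(item, dict):
            continue
        for key in item:
            if key.lower() in HTTP_METHODS:
                ops.append((key.upper(), path))
    return sorted(ops)

def preflight(spec):
    """Return the problems that should stop the pipeline before ZAP runs."""
    problems = []
    if not str(spec.get("openapi", "")).startswith("3."):
        problems.append("document does not declare an OpenAPI 3.x version")
    if not extract_operations(spec):
        problems.append("no operations found; ZAP would have nothing to import")
    return problems

# Constructed sample standing in for doc.json (assumption, not real Noir output).
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "info": {"title": "constructed sample", "version": "1.0"},
    "paths": {
        "/login": {"post": {"responses": {}}},
        "/users/{id}": {"parameters": [], "get": {"responses": {}}, "delete": {"responses": {}}},
    },
}

def main(argv):
    # With a file argument (e.g. doc.json) check that file; otherwise use the sample.
    spec = SAMPLE_SPEC
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            spec = json.load(fh)
    for method, path in extract_operations(spec):
        print(f"{method:7} {path}")
    problems = preflight(spec)
    for problem in problems:
        print(f"preflight: {problem}", file=sys.stderr)
    return 1 if problems else 0  # non-zero exit fails the CI step

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Saving the printed inventory as a build artifact gives a record of which endpoints each scan was given.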
