Integrating Noir into Your DAST Pipeline

Integrate Noir into your DAST pipeline with ZAP, Burp Suite, or Caido.

Integrate Noir into your DAST pipeline to ensure security tools test all application endpoints.

Integrating with a Proxy Tool

Use Noir's deliver feature to send discovered endpoints to a proxy like OWASP ZAP, Burp Suite, or Caido.

noir scan . -u http://localhost:3000 --probe-via "http://localhost:8080"

This scans the current directory, constructs URLs using http://localhost:3000 as the base, and sends all endpoints to the proxy at http://localhost:8080.

Integrating with ZAP Automation

Generate an OpenAPI specification with Noir and feed it into ZAP's automation framework.

  1. Discover Endpoints:

    noir scan ~/app_source -f oas3 --no-log -o doc.json
    
  2. Run ZAP Scan:

    ./zap.sh -openapifile ./doc.json \
        -openapitargeturl <TARGET> \
        -cmd -autorun zap.yaml <any other ZAP options>
    

For more details, see the ZAP blog post: Powering Up DAST with ZAP and Noir.