NCCloud

A Kubernetes operator to manage Zed Attack Proxy (ZAP) scans :rocket:

19 stars
100% credibility
Found Feb 05, 2026 at 15 stars.
Language: Go
AI Summary

A Kubernetes operator that simplifies running OWASP ZAP security scans on web applications, supporting both immediate and scheduled executions with built-in monitoring.

How It Works

1. 🔍 Discover security helper

You learn about a handy tool that automatically checks your websites for safety issues without hassle.

2. 🚀 Set it up easily

You add the tool to your online setup with one simple command, and it's instantly ready to protect your sites.

3. Pick scan style

Quick check: Point it at your website address to scan once and get fast results.

Ongoing watch: Schedule scans like every night so it keeps checking without you lifting a finger.

4. 🔎 Watch it scan

Sit back as the tool thoroughly examines your site for hidden dangers – exciting to see it work!

5. 📊 Get clear reports

Review simple summaries of problems found, sorted by how serious they are, with handy charts.

Apps stay safe

Your websites are now automatically guarded against threats, giving you peace of mind.

AI-Generated Review

What is zap-operator?

A Kubernetes operator written in Go that runs OWASP ZAP security scans directly in your cluster. You apply simple YAML custom resources: ZapScan for one-off jobs or ZapScheduledScan for cron-scheduled ones, targeting URLs or OpenAPI specs. The operator launches ZAP containers, collects JSON/HTML reports, and tracks alerts via status fields. Deploy it via Helm from nccloud.github.io/charts for GitOps-friendly security scanning in Kubernetes release pipelines.

Why is it gaining traction?

Its purely Kubernetes-native approach beats manual Jobs or Helm charts: no cron hacks or external dependencies, just declarative scans that update Prometheus metrics for alerts, duration, and status. It exposes a /metrics endpoint and ships a Grafana dashboard for instant observability, following the Kubernetes operator pattern rather than static Helm deploys. Custom args, images from the GitHub container registry, and cleanup options let it hook into GitHub Actions runner workflows.

Who should use this?

Security engineers and DevOps teams scanning K8s-hosted web apps nightly or on demand. It suits SREs already working with the Kubernetes Operator SDK or a similar framework who want automated vulnerability checks beyond basic ingress-nginx setups, or who want to replace ad-hoc ZAP runs in CI with CRD-driven scans tied to app repos.

Verdict

Practical for K8s security scanning, with strong docs, Helm support, and 80%+ test coverage, but 16 stars and a 1.0% credibility score signal early maturity, so watch its GitHub releases closely. Try it in staging if the Kubernetes operator approach matches your stack; skip it for production until it sees more adoption.
