owaspzap

Scan multiple (list) endpoints with ZAP


I want to implement DAST and have chosen the ZAP tool. I now have an endpoints.txt file that contains all the endpoints I want to scan with ZAP.

Ideally, I would also like to run the crawler to discover any additional endpoints.

How can I do this using the ZAP Docker image? Do I need to write a script to scan multiple endpoints, or is there a better solution?

Feel free to recommend any other DAST tools :)


Solution

  • Are these endpoints all part of the same application or are they essentially different apps?

    ZAP has a range of options for exploring apps, including the spiders, API importing, proxying unit tests etc. See https://www.zaproxy.org/docs/getting-further/automation/exploring-your-app/

    If they are separate apps then you can write a simple script which then calls ZAP to explore each of the endpoints, e.g. using the Automation Framework.
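One way to do the "simple script" the answer describes, as an added example that is not part of the original post or of the ZAP project: the shell script below reads `endpoints.txt` (one URL per line), writes one Automation Framework plan per endpoint, and runs each plan in the ZAP Docker image. The plan uses the `spider` job so the crawler discovers further URLs before the `activeScan` job runs, and a `report` job writes an HTML report into the mounted work directory. The endpoints file format, the work-directory layout, the `ENDPOINTS_FILE` variable and the image tag `ghcr.io/zaproxy/zaproxy:stable` are this example's assumptions; the job names and the `zap.sh -cmd -autorun` invocation follow the ZAP Automation Framework documentation linked in the answer.

```shell
#!/bin/sh
# Added example (not from the original post or the ZAP project): one Automation
# Framework plan per endpoint, each run in the ZAP Docker image.
# Assumptions: endpoints.txt has one URL per line (blank lines and '#' comments
# are ignored), Docker is installed, and the image tag below is current.

ZAP_IMAGE="${ZAP_IMAGE:-ghcr.io/zaproxy/zaproxy:stable}"
WORK_DIR="${WORK_DIR:-$PWD/zap-work}"   # mounted into the container as /zap/wrk

# Turn a URL into a safe file-name / context-name fragment:
# every character that is not A-Z, a-z or 0-9 becomes '_'.
slug() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9' '_'
}

# Write an AF plan for one endpoint: spider (crawl) the URL to discover more
# endpoints, active-scan everything in that context, then emit an HTML report.
write_plan() {
    url="$1"; out="$2"; name="$(slug "$url")"
cat > "$out" <<EOF
env:
  contexts:
    - name: "$name"
      urls:
        - "$url"
  parameters:
    failOnError: true
    progressToStdout: true
jobs:
  - type: spider
    parameters:
      context: "$name"
  - type: activeScan
    parameters:
      context: "$name"
  - type: report
    parameters:
      template: traditional-html
      reportDir: /zap/wrk
      reportFile: report-$name
EOF
}

# Iterate the endpoints file: one plan and one container run per endpoint.
# Each run is independent, so one failing target does not stop the others.
scan_endpoints() {
    file="$1"
    mkdir -p "$WORK_DIR"
    while IFS= read -r url || [ -n "$url" ]; do
        case "$url" in ''|'#'*) continue ;; esac
        plan="plan-$(slug "$url").yaml"
        write_plan "$url" "$WORK_DIR/$plan"
        echo "== scanning $url (plan: $plan)"
        docker run --rm -v "$WORK_DIR:/zap/wrk:rw" -t "$ZAP_IMAGE" \
            zap.sh -cmd -autorun "/zap/wrk/$plan" \
            || echo "!! ZAP returned non-zero for $url"
    done < "$file"
}

# Only scan when an endpoints file is supplied, e.g.:
#   ENDPOINTS_FILE=endpoints.txt sh scan_endpoints.sh
if [ -n "${ENDPOINTS_FILE:-}" ]; then
    scan_endpoints "$ENDPOINTS_FILE"
fi
```

Reports land in `zap-work/` as `report-<slug>.html`; if the endpoints all belong to one application, list them under a single context's `urls:` instead so the spider and the active scan treat them as one site.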