Tsun is a CLI-first Dynamic Application Security Testing (DAST) tool built on top of OWASP ZAP, designed for small SaaS teams that want real security scanning without enterprise overhead.
It runs authenticated scans locally or in CI with predictable runtimes, sane defaults, and low noise — so engineers actually keep it enabled.
Key features:
Authenticated scans (headers, cookies, login hooks)
CI-friendly profiles with time and URL caps
Baseline comparisons to show what changed
JSON, HTML, and SARIF output (GitHub Code Scanning ready)
Fully local execution — no SaaS account required
The core CLI is free and open-source.
Pro adds baselines, deep scans, and workflow guardrails for teams that want cleaner CI and less noise.
Built by a security engineer for developers who want ZAP-level power without heavyweight platforms.