DAST – Automating Web Application Security Scans Using OWASP ZAP in AWS CodeBuild

Introduction

In a previous post, I shared how to run OWASP ZAP as a DAST tool using GitHub Actions. However, some challenges emerged in actual operation. DAST scans are typically run against non-production environments such as staging, but these environments often have IP restrictions enforced by security groups or AWS WAFs. Since GitHub Actions uses […]