File: sbom.md | Updated: 11/18/2025
ZAP includes a runtime Software Bill of Materials (SBOM) generated by CycloneDX for both the ZAP core and all of the add-ons maintained by the ZAP team. Each SBOM will appear as a file called “bom.json” included at the root of the ZAP JARs.
Runtime SBOMs for the ZAP core and the add-ons you have installed can be accessed in ZAP as per the Software Bill of Materials help page.
Note that SBOMs may not be available if you run ZAP from the source code, and some 3rd party add-ons may also not define them.
The full set of available build time add-on SBOMs are:
| Name | Components | | --- | --- | | Access Control Testing Add-on SBOM | 119 | | Active scanner rules (alpha) Add-on SBOM | 148 | | Active scanner rules (beta) Add-on SBOM | 161 | | Active scanner rules Add-on SBOM | 162 | | Advanced SQLInjection Scanner Add-on SBOM | 83 | | Ajax Spider Add-on SBOM | 200 | | Alert Filters Add-on SBOM | 132 | | Authentication Helper Add-on SBOM | 257 | | Automation Framework Add-on SBOM | 130 | | Call Home Add-on SBOM | 114 | | Client Side Integration Add-on SBOM | 185 | | Common Library Add-on SBOM | 129 | | Custom Payloads Add-on SBOM | 129 | | Database Add-on SBOM | 130 | | Dev Add-on Add-on SBOM | 129 | | Diff Add-on SBOM | 80 | | Directory List v1.0 Add-on SBOM | 65 | | DOM XSS Active scanner rule Add-on SBOM | 186 | | Encoder Add-on SBOM | 129 | | Eval Villain Add-on SBOM | 61 | | Forced Browse Add-on SBOM | 130 | | FuzzAI Files Add-on SBOM | 60 | | Fuzzer Add-on SBOM | 133 | | Getting Started with ZAP Guide Add-on SBOM | 65 | | GraalVM JavaScript Add-on SBOM | 149 | | GraphQL Support Add-on SBOM | 154 | | Groovy Support Add-on SBOM | 165 | | gRPC Support Add-on SBOM | 134 | | Image Location and Privacy Scanner Add-on SBOM | 131 | | Import/Export Add-on SBOM | 133 | | Invoke Applications Add-on SBOM | 79 | | Linux WebDrivers Add-on SBOM | 66 | | MacOS WebDrivers Add-on SBOM | 66 | | Network Add-on SBOM | 109 | | OAST Support Add-on SBOM | 164 | | Online menus Add-on SBOM | 65 | | OpenAPI Support Add-on SBOM | 186 | | Parameter Digger Add-on SBOM | 118 | | Passive Scanner Add-on SBOM | 130 | | Passive scanner rules (alpha) Add-on SBOM | 131 | | Passive scanner rules (beta) Add-on SBOM | 131 | | Passive scanner rules Add-on SBOM | 133 | | Postman Support Add-on SBOM | 131 | | Python Scripting Add-on SBOM | 120 | | Quick Start Add-on SBOM | 200 | | Replacer Add-on SBOM | 124 | | Report Generation Add-on SBOM | 163 | | Requester Add-on SBOM | 124 | | Retest Add-on SBOM | 124 | | Retire.js Add-on SBOM | 130 | | Reveal Add-on SBOM | 114 | | Revisit Add-on SBOM | 66 | | Scan Policies Add-on SBOM | 66 | | Script Console Add-on SBOM | 132 | | Selenium Add-on SBOM | 178 | | Sequence Add-on SBOM | 189 | | Server-Sent Events Add-on SBOM | 107 | | SOAP Support Add-on SBOM | 159 | | Spider Add-on SBOM | 144 | | Technology Detection Add-on SBOM | 135 | | Tips and Tricks Add-on SBOM | 66 | | Value Generator Add-on SBOM | 124 | | WebSockets Add-on SBOM | 136 | | Windows WebDrivers Add-on SBOM | 66 | | Zest - Graphical Security Scripting Language Add-on SBOM | 189 |