OWASP ZAP, the open source web application security scanner, running as a headless daemon with its REST API ready.
Choose the operating system, cloud and version you need. Every variation is the same hardened OWASP ZAP image, built and supported by cloudimg.
OWASP ZAP (Zed Attack Proxy) is a widely used open source dynamic application security testing scanner. It spiders web applications and runs passive and active scans to find vulnerabilities, and can be driven entirely over an authenticated REST API.
cloudimg ships ZAP preinstalled and running as a headless daemon with the REST API bound to loopback, and a random API key is generated fresh on first boot so no shared secret ships in the image. A bundled Java runtime, the session database on a dedicated resizable data disk and 24/7 support round out the image.