Zed Attack Proxy is a free and open-source web app scanner, originally developed within the OWASP community, with the project now managed by Checkmarx.
Further reading
- Top 8 penetration testing tools (Snyk Blog)
- ZAP (Wikipedia)
- Zed Attack Proxy, by CheckMarx
- Install ZAP on MacOS (Homebrew)