Quickstart with OWASP ZAP
The Levo.ai add-on for ZAP allows building OpenAPI specs with the traffic sent or proxied via ZAP.
Here are the steps you need to follow to start building OpenAPI specs with Levo and ZAP:
The OpenAPI spec is built by sending anonymized API traces to Levo. You may run the Satellite (a set of services which receives and processes the traces) locally using docker or minikube, or on AWS with an AMI provided by Levo.
Please ensure that ZAP is able to reach the satellite at the configured listening port (the default is
Launch ZAP and install the Levo.ai add-on from the ZAP Marketplace. You may need to restart ZAP after the add-on is installed.
If the add-on is successfully installed, you should see a new button in the main toolbar.
Clicking on it will toggle sending traffic to Levo's satellite.
Navigate to Tools → Options → Levo.ai in ZAP and enter the URL pointing to the satellite (e.g.
Ensure that the Levo button is enabled in the toolbar, and you are good to go! Start browsing your website using ZAP and you should start seeing auto-discovered applications in your Levo dashboard in a few minutes.