The Zed Attack Proxy (ZAP) by Checkmarx is the world’s most widely used web app scanner.
Free and open source. A community based GitHub Top 1000 project that anyone can contribute to.

It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.
It’s also a great tool for experienced pentesters to use for manual security testing.

For more details about ZAP see the website: zaproxy.org