we want to use ZAP to scan our site vulnerability issues
is there any way to define our own active rule for our business..?
for example, we want to check is there any javascript post any data to the sites that are not in the white list ...?
so, maybe we can implement this feature in ZAP addons, but how to create our own ZAP addon...?
we want to check is there any javascript post any data to the sites that are not in the white list ...?
That would be a passive rule not an active.
You can create either as a script, there are templates that come with ZAP. You can also find community examples here: https://github.com/zaproxy/community-scripts
There is also a set of blog posts that can help you:
Active Scan vs Passive Scan: