This document discusses continuous API security testing using OWASP ZAP on Kubernetes. It proposes running ZAP scans against microservices continuously or on-demand directly in the Kubernetes cluster. This would find vulnerabilities earlier in the development process compared to only running security tests at the end. The document outlines how Testkube, a Kubernetes-native testing framework, could be used to orchestrate and run ZAP scans as tests against microservices to achieve continuous security testing. Demo projects are referenced to show how this approach could work.