So you want to build a Security Program? Part 2 - Web App Scanning
-
OWASP ZAP is the clear winnner for opensource web app scanning. The GUI is good, simple, and the reports are great! You can even brand them for your own company!
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
The only negative thing about OWASP ZAP is the fact that you cannot run it from the command line, but it is cross platform and works on Windows and Linux.