Some firewalls have a default configuration that blocks DAST scans. The ZAP scanner sends an identification header, "X-Scanner: ZAP", on each request, and your WAF may treat it as an indicator to block the request. A false-positive issue may then be created in SOOS.

You can verify whether this is happening on your DAST scan by running the curl command associated with the SOOS issue twice: first as written, and then without the X-Scanner header, to see whether the response differs.

If it does, you'll need to bypass the firewall or allow a specific exception in order to run the DAST scan.
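
The with/without comparison described above can be scripted. This is an added example, not SOOS or ZAP code: it runs the same curl request twice and reports whether the X-Scanner header changes the response. It assumes you pass the arguments of the issue's curl command minus its X-Scanner header; the function names and the URL are placeholders.

```shell
#!/bin/sh
# Added example, not SOOS or ZAP code. Pass the arguments of the curl command
# from the SOOS issue, minus its X-Scanner header, e.g. (placeholder URL):
#   sh xscanner_check.sh https://app.example.test/login

# Run curl with the given arguments; print "<http_status> <body_bytes>".
# A request that fails outright is reported as "000 0".
probe() {
    out=$(curl -s -o /dev/null --max-time 15 \
        -w '%{http_code} %{size_download}' "$@") || out="000 0"
    echo "$out"
}

# Compare two "<status> <bytes>" results and print a one-word verdict.
classify() {
    with=$1
    without=$2
    if [ "${with%% *}" = "000" ] && [ "${without%% *}" = "000" ]; then
        echo "request-failed"      # neither request got an HTTP response
    elif [ "${with%% *}" != "${without%% *}" ]; then
        echo "header-sensitive"    # status changes with the header
    elif [ "${with#* }" != "${without#* }" ]; then
        echo "size-differs"        # same status, other body size: check by hand
    else
        echo "no-difference"
    fi
}

# Issue the request with and without the header ZAP adds, then classify.
compare_scanner_header() {
    r_with=$(probe -H 'X-Scanner: ZAP' "$@")
    r_without=$(probe "$@")
    echo "with X-Scanner:    $r_with" >&2
    echo "without X-Scanner: $r_without" >&2
    classify "$r_with" "$r_without"
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    compare_scanner_header "$@"
fi
```

A "size-differs" result can also come from dynamic page content, so treat only "header-sensitive" as a clear sign that the header is being filtered.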