diff --git a/.github/workflows/penetration-test.yml b/.github/workflows/penetration-test.yml
index c66d575f651..5f865b5184c 100644
--- a/.github/workflows/penetration-test.yml
+++ b/.github/workflows/penetration-test.yml
@@ -17,6 +17,7 @@ jobs:
           - 'test/front_guest/contact.test.ts'
           - 'test/admin/content_layout.test.ts'
           - 'test/admin/content_layout_delete.test.ts'
+          - 'test/admin/customer.test.ts'
           - 'test/admin/content_cache.test.ts'
           - 'test/admin/customer_edit.test.ts'
           - 'test/admin/product_class_name.test.ts'
diff --git a/zap/selenium/ci/TypeScript/test/admin/customer.test.ts b/zap/selenium/ci/TypeScript/test/admin/customer.test.ts
new file mode 100644
index 00000000000..9ca622eebe6
--- /dev/null
+++ b/zap/selenium/ci/TypeScript/test/admin/customer.test.ts
@@ -0,0 +1,45 @@
+import { test, expect, chromium, Page } from '@playwright/test';
+import { intervalRepeater } from '../../utils/Progress';
+import { ZapClient, Mode, ContextType, Risk, HttpMessage } from '../../utils/ZapClient';
+const zapClient = new ZapClient('http://127.0.0.1:8090');
+
+const baseURL = 'https://ec-cube/admin';
+const url = baseURL + '/customer';
+
+test.describe.serial('会員管理 会員一覧のテストをします', () => {
+  let page: Page;
+  test.beforeAll(async () => {
+    await zapClient.setMode(Mode.Protect);
+    await zapClient.newSession('/zap/wrk/sessions/admin_customer', true);
+    await zapClient.importContext(ContextType.Admin);
+
+    if (!await zapClient.isForcedUserModeEnabled()) {
+      await zapClient.setForcedUserModeEnabled();
+      expect(await zapClient.isForcedUserModeEnabled()).toBeTruthy();
+    }
+    const browser = await chromium.launch();
+    page = await browser.newPage();
+    await page.goto(url);
+  });
+
+  test('会員管理 会員一覧を表示します', async () => {
+    await expect(page).toHaveTitle(/会員管理 会員一覧/);
+  });
+
+  test('タイトルを確認します', async () => {
+    await expect(page.locator('.c-pageTitle__titles')).toContainText('会員管理');
+  });
+
+  test.describe('テストを実行します[GET] @attack', () => {
+    let scanId: number;
+    test('アクティブスキャンを実行します', async () => {
+      scanId = await zapClient.activeScanAsUser(url, 2, 55, false, null, 'GET');
+      await intervalRepeater(async () => await zapClient.getActiveScanStatus(scanId), 5000, page);
+    });
+
+    test('結果を確認します', async () => {
+      await zapClient.getAlerts(url, 0, 1, Risk.High)
+        .then(alerts => expect(alerts).toEqual([]));
+    });
+  });
+});