Agentic DAST
StackHawk brings dynamic application security testing directly into the AI development lifecycle. Your AI coding agent already understands your application — its architecture, its dependencies, its patterns. It also inherits your organization’s other skills, coding standards, and institutional knowledge. Agentic DAST lets that same agent run security scans against your live app, interpret the findings with full codebase context, fix vulnerabilities using the patterns and conventions your team already follows, and verify the fixes by rescanning. Security testing becomes part of how the agent builds, not a separate step after the fact.
Two Approaches
StackHawk offers two ways to add security testing to your AI coding tools:
Agent Skills
Install from the marketplace. No dependencies. Works with Claude Code, Codex, Gemini, Copilot, and Cursor.
MCP Server
Python-based Model Context Protocol server. Works with Cursor, Claude Code, and Windsurf.
End-to-End Guide
Full walkthrough: install, configure, scan, fix, and verify — from zero to secure.
Which Should I Use?
| | Agent Skills | MCP Server |
|---|---|---|
| Install method | Marketplace one-liner | Python + uv |
| Dependencies | None (just HawkScan CLI) | Python 3.10+, uv |
| Platforms | Claude Code, Codex, Gemini, Copilot, Cursor | Cursor, Claude Code, Windsurf |
| How it works | Teaches the agent via instruction sets | Runs as a local server the agent calls |
| Autonomous scanning | Yes — scans after feature completion | On request |
| Best for | Developers who want zero-setup DAST in their agent | Teams already using MCP servers |