Changelog

The StackHawk Changelog

Tracking updates to the StackHawk platform and HawkScan.

Current HawkScan Version: 0.8.16

October 20, 2020

StackHawk Platform
Improvement
HawkDocs

HawkDocs have been updated with a new design, dark mode, and responsive mobile layouts. Check out the Updated Docs

October 19, 2020

HawkScan (0.8.16)
Improvement
Configuration controls for file-based GraphQL schemas

HawkScan was released with improvements to the GraphQL vulnerability scanner configuration to support scanning with file-based schemas.

October 14, 2020

StackHawk Platform
Added
Application Table View

Listed Applications can be viewed as a table, rather than cards, in the StackHawk platform. This creates more real estate for organizations with many applications.

Remove users from the Organization

Organization owners can now remove users from their org.

Application metadata

Assign Risk Level and Data Type for your applications from the Applications page of the StackHawk platform.

Improvement
Scan Details Page

The scan details page now displays the version of HawkScan and whether an update is available.

Release Notes in HawkDocs

Review the StackHawk and HawkScan release notes from the official documentation. Read our Release Notes

Fixed
Jira Actions

Taking Jira actions on the Findings page has been improved on the paths table and details panel. Jira ticket search has been optimized.

Errored Environment Cards

When an error occurs during a scan, the associated environment card on the Applications page will accurately display an errored state.

October 13, 2020

HawkScan (0.8.14)
Fixed
Scanning URLs without a specified port

HawkScan was released with a fix to support scanning endpoints that don't specify a port.

October 12, 2020

HawkScan (0.8.12)
Added
Include Paths

HawkScan will now accept the `app.includePaths` configuration, specifying any routes the scanner should visit. Read the docs

Improvement
Error Handling

HawkScan will now send additional telemetry and improved exception introspection.

September 25, 2020

StackHawk Platform
Added
Weekly Summary Emails

Organization owners will now receive a weekly email summarizing their weekly activity using StackHawk

Datadog Integration

Send your StackHawk scan notifications to Datadog. Read the docs

Keyboard Navigation

Accessibility improvements around navigating the StackHawk platform via keyboard

Applications Page Table View

View your applications and environments in a compact view from the Applications page

Improvement
Getting Started Flow

Added clarity around the steps of the Getting Started flow, as well as the ability to skip the Getting Started flow

PowerShell Commands

The StackHawk application will detect your operating system and display the proper set of command-line shell commands

Applications Page Display

Applications page display on mobile and tablet size screens has been updated to improve usability

Finding Details Panel Stickiness

Panel will now persist user’s choice of viewing request or response metadata for a specific finding

Placeholders

Placeholder UI implemented for API key table, members table and account info pages

Fixed
App creation wizard modals will not overlay on each other

Application filters

Application filter shows application name instead of ID when navigating to the Applications page with query strings in the URL

Hover state color in dropdown menus

September 10, 2020

HawkScan (0.8.10)
Improvement
GraphQL file loading

Support using GraphQL schema from file

September 1, 2020

StackHawk Platform
Added
GA Release

August 28, 2020

StackHawk Platform
Fixed
Toast Notifications

Toast notifications now display error messages, in addition to success confirmations when taking action on scan findings

August 27, 2020

HawkScan (0.8.8)
Improvement
Error Logging

Use Python `print()` in most places; errors still use the logging mechanism

Fixed
Terminal Output Colors

The `term_color` flag is checked in the Logger module to respect colored output in the terminal

August 24, 2020

StackHawk Platform
Improvement
Billing

Improved access to the billing page from the account settings view

Slack Integration

Connect StackHawk with Slack and receive notifications on HawkScan events. Read the docs

August 24, 2020

HawkScan (0.8.6)
Added
Terminal Output Colors

Adds colors and logging for YAML exceptions and clear color delineation for problem items in the YAML config

Improvement
Configuration Loader

Update the config loader to include the filename with the stream

Exception and Error Handling

Add a new exception type for YAML exceptions, make the top-level exception handler more granular, and add generic log output controls for info and error

Removed
ZAP False Positives

Disables certain ZAP plugins causing false positive reports in scanned applications

August 20, 2020

HawkScan (0.8.4)
Improvement
Improved GraphQL scanning support

Fixed
Auth recheck on long running scans

Modified HawkScan memory settings

August 17, 2020

StackHawk Platform
Added
Billing

Choose between the Startup, KaaKaww, or Enterprise Plans on the StackHawk settings page

Bamboo Integration

Find documentation on the StackHawk Bamboo Integration from the Integrations tab

Improvement
Findings Management Controls

Improved display of findings status in the right panel, linking to Jira from the right panel and updating status experience

Settings page routing

Each page of the settings menu has a dedicated URL

Fixed
Applications Card Display

Increased size of the kebab button on the cards of the Applications page

Getting Started Flow

Refreshing the page during the Getting Started flow will preserve your progress in the flow

August 17, 2020

HawkScan (0.8.2)
Fixed
Bug related to scanning for organizations without a subscription

August 17, 2020

HawkScan (0.8.0)
Added
Check for valid subscription when scanning

Improvement
Copy in terminal scan results output text

August 3, 2020

StackHawk Platform
Added
Pagination

Data returned for Findings and Scans tables is paginated to improve performance of unbounded data lists

Password Reset

Reset your password for accessing the StackHawk platform from the profile page

Improvement
Settings Navigation

Settings navigation is optimized for mobile and small screen sizes

Graph Popover

Hovering over the graphs on the Applications page will display details of a specific scan

Applications Options

From the Applications page, view your latest scan results for a specific application by choosing one of the options in the kebab menu

July 22, 2020

StackHawk Platform
Added
Applications and Environments Overview

See current status, history of past scans, and manage your applications and environments via the Applications tab in the sidebar

Improvement
Finding Details pagination

Findings Details page contains pagination controls

Mobile UI

Modals display has been improved for usability on smaller screen sizes

Fixed
Clean up Jira page request to remove excessive calls to get Jira projects and issues

July 13, 2020

StackHawk Platform
Added
Jira Integration

Integrate with your Jira Software instance to manage your appsec bugs by assigning and linking to Jira tickets. Read the docs

Scan Filtering

Filter scans in the Scans List by Application and Environment

Integrations

New link to Azure Pipelines HawkDocs

Improvement
Findings Management

Scan findings URLs are now sorted alphabetically as well as by status

June 29, 2020

HawkScan (0.7.2)
Added
Header Replacer Support

Enables manipulation of request headers to better support apps running behind a proxy

GraphQL Config Section

Support for tuning the GraphQL introspection process

Rate Limiting Controls

Provides more control over the aggressiveness of the scanning capability

Kotlin Scripting Support

ZAP open source contribution for Kotlin support

Passthrough Config Support for ZAP

Supports advanced ZAP configuration via StackHawk YAML

Improvement
GraphQL Introspection

More support for enumeration types and improvements to the test query builder

Flexible logging control for ZAP

Adds support for debug logging

Transparent localhost proxy instead of URL rewriting

Better support for scanning localhost networking scenarios and reverse proxies

June 19, 2020

StackHawk Platform
Added
Paths tab

Assess completeness of scans by reviewing all paths scanned by HawkScan

Integrations

New links to Concourse CI and GitHub Actions HawkDocs

Improvement
Findings Management

Bulk controls UI improvements, findings table UI improvements, and findings are sorted alphabetically

Findings Management Alert Rules

Alert rules are now specific to request method

Scans Table

Pagination controls are accessible at the top of the Scans table

This Announcement Panel!

See specific changes for HawkScan and StackHawk platform

Fixed
Applications Page Results

See up to 100 applications on Applications page

Invite users popup UX fixes

URI Truncation

URI truncation in many places throughout the application for readability

Validate Findings

curl command generated with double quotes around request body

June 6, 2020

HawkScan (0.6.14)
Added
Terminal Output

Scan progress is now printed to the terminal output

GraphQL Querying Improvements

June 5, 2020

StackHawk Platform
Added
StackHawk Authentication

Log in using any email via StackHawk authentication, or OAuth via Google and GitHub

Improvement
Findings Management

Take action from the Findings Management right panel for triaging your application’s security vulnerabilities

Fixed
App Creation Wizard

Add missing escape characters to downloaded StackHawk.yml from App Creation Wizard

May 29, 2020

StackHawk Platform
Added
This Announcement Panel!

Announcement panel is a source for release notes, social links, docs and submitting feedback

Findings Management

Users may now triage scan findings by marking them as Assigned, Risk Accepted or False Positive

Scans List Table

As part of Findings Management, the scan list will now reflect new findings (not yet triaged) and a count of triaged findings

Improvement
Browser Support and Logout Notification

Users on unsupported browsers will see a new informational page, and users logged out due to inactivity will be notified via toast notification

Faster Performance for Scan Findings Display

May 14, 2020

HawkScan (0.6.6)
Improvement
Support for GraphQL Union and Interface Types

Support OpenAPI and GraphQL API Scanning with same Config and App

HawkScan now supports configuration for customers that utilize both OpenAPI spec and GraphQL API scanning

Fixed
GitLab DAST Report Updates

Customers utilizing the StackHawk integration with GitLab will now see findings updated in their report dashboard.

May 8, 2020

StackHawk Platform
Added
Curl Attack Regenerator

Users may quickly validate a finding by clicking the “Recreate” button. This generates a curl command that a user may paste into their terminal in debug mode and quickly recreate an attack

Improvement
Improvements to the Getting-Started Page Navigation

Scan List Pagination

Improvements to Mobile Styling

May 8, 2020

HawkScan (0.6.4)
Added
GitLab CI/CD Service Templates

May 4, 2020

StackHawk Platform
Added
Advanced Slack Integration Configuration

You may now configure updates from specific applications to be sent to specific channels in Slack, ensuring that your teams are only getting updates about the applications relevant to their workflow

Fixed
Logout event percolates across all open tabs

Login-timeout redirects will take you to the last requested page instead of the last visited page