Changelog

The StackHawk Changelog

Tracking updates to the StackHawk platform and HawkScan.

Current HawkScan Version: 0.11.14

November 4, 2021

StackHawk Platform
Added
Plugin Duration

Find out how long each plugin takes from the plugin summary tab of the scan details page for a better understanding of how HawkScan scans your application.

October 19, 2021

StackHawk Platform
Fixed
Jira Issues are now retrieved when the Send to Jira modal opens.

Choosing to load example scan data from Google Firing Range will no longer show the Welcome modal to new users.

October 18, 2021

StackHawk Platform
Added
Getting Started Updates

Plan descriptions and initial scan selections have been updated to better reflect scanning your own application or loading example scan data.

Create an Application Updates

When creating an application, you can now define a specific application type, which will generate a customized scan configuration allowing you to get started scanning faster. Additionally, the Technology Flags step has been removed from this flow, but can still be accessed under application settings.

Findings Other Info

The Other Info field of a finding has been surfaced in the Finding Details panel when available.

Improvement
(Enterprise) API Source in Audit Log

API label is added to events sent from the public StackHawk API to the audit log.

Integration Error State

Integration pages now feature a new error state when integration channels cannot be retrieved.

Onboarding Experience

Invited users see a welcome modal, while new users that are owners of their organization are directed to create an application after providing onboarding information.

Fixed
Deleting last environment on a filtered applications view updates to reflect deletion.

October 6, 2021

StackHawk Platform
Added
(Enterprise) StackHawk API Access

The StackHawk API is now available for public use by organizations on the Enterprise plan. With extensive documentation and resources, developers can now programmatically manage StackHawk applications and environments directly from the command line. Read the Docs

September 17, 2021

HawkScan (0.11.14)
Added
Authentication and Session script support

Authentication and Session management scripts are now supported and configurable via authentication.script and authentication.sessionScript configurations.

Fixed
OpenAPI request generation

A bug in hawkscan 0.11.11 the openapi request generator was not handling incomplete request body references and request bodies with mixed $ref and sub property definitions.

OpenAPI parsing

A bug in hawkscan 0.11.11 was causing openapi v2 specifications to fail instead of falling back to the v2 parsing engine.

August 31, 2021

StackHawk Platform
Fixed
GraphQL Findings

Fixed an issue where some GraphQL results were displayed incorrectly when viewing scan findings.

August 26, 2021

StackHawk Platform
Fixed
Jira Issue Promotion

Fixed an issue where the dropdown to select a Jira project was not populating while triaging issues.

August 26, 2021

HawkScan (0.11.11)
Fixed
Header Replacer Rules

A bug in hawkscan 0.11.10 that was causing the header replacer configuration to fail has been fixed.

August 25, 2021

HawkScan (0.11.10)
Improvement
OpenAPI verification

Added improved error detection in openapi specifications that do not result in routes being discovered on your application.

Script loading

Custom scripts are now loaded before any authentication or API discovery traffic, allowing for custom auth and API discovery requests.

August 16, 2021

HawkScan (0.11.9)
Added
Git Repo Mounting

Added the ability to mount a remote git repository for a project instead of a docker volume mount.

Improvement
Error Handling

Improved error handling to catch errors returned when using https localhost URIs.

August 2, 2021

StackHawk Platform
Improvement
Application View Updates

Improved the UI for accessing Application settings. Clicking on the application name or the arrow control will allow you to access your Application details and scan settings, such as Technology Flags.

Fixed
Slack Configuration

Updated the Slack channel configuration UI to account for any deleted Applications or Environments that are mapped to a Slack channel.

July 26, 2021

StackHawk Platform
Added
Delete Applications, Environments, and Scans

Remove outdated or unused scans, applications and environments from your organization.

Improvement
Application Creation Modal

The application creation modal will be reset to its default state when closing the modal.

(Pro & Enterprise) Audit Log Messaging

Audit log provides a better message around removing scans from your organization.

Fixed
Curl Command Generation

Curl commands with nested single quotes are now able to be used to validate findings.

Downloadable Configuration

The application name is now present in the downloadable stackhawk.yml.

Announcements Panel

Fixed announcements panel notifications for when new release notes are published.

July 12, 2021

StackHawk Platform
Added
(Pro & Enterprise) Create an App Flow: Tech Flags

We have added the ability to modify technology flags during the application creation process. Technology Flags allow you to fine-tune the tests HawkScan runs to better match your tech stack, leading to faster scans and fewer false positives.

Improvement
Create an App Flow

The application creation modal has been updated to include the guided wizard interface.

Fixed
Getting Started Flow

We now retain the Application ID when clicking back or on to a specific step in the Getting Started wizard.

July 9, 2021

HawkScan (0.11.8)
Fixed
Repository Metadata Collection

Fixed a bug that made HawkScan error out when collecting metadata.

July 6, 2021

HawkScan (0.11.7)
Added
SOAP specific scan policies

HawkScan now automatically configures scan policies for SOAP API endpoints to include relevant tests.

Improvement
API Scanning

HawkScan now targets GraphQL, OpenAPI and SOAP APIs with more specific and relevant attack vectors.

Fixed
Scan Policy

Fixed a bug with merging scan policy overlays when configured for GraphQL and OpenAPI scanning.

Token Redaction

Token authentication will now redact the external token from the scan config.

July 6, 2021

StackHawk Platform
Added
Jira Data Center Integration

Enterprise Plan organizations can now triage scan findings with the Jira Data Center Integration. This integration will connect with an Atlassian Jira Server or Atlassian Data Center to create or link Jira issues from StackHawk findings.

Fixed
Jira Actions

Fixed a bug with Jira Cloud integration where the platform could not detect if a project management integration is installed.

May 28, 2021

HawkScan (0.11.6)
Improvement
Authentication TestPath

HawkScan terminal error output includes more details when validating authentication via the testPath.

Fixed
Terminal Output

Fixed a bug with HawkScan output reporting incorrect counts of triaged findings.

GraphQL Configuration

Fixed a bug when configuring a GraphQL schema endpoint with a trailing slash, and the reporting of scanned graphql paths.

Scan Policies

Fixed a bug in application specific policies that was preventing plugin overrides from working correctly.

May 25, 2021

StackHawk Platform
Added
Microsoft Teams Integration

Organizations on the Enterprise Plan can now send Scan Notifications to configured Microsoft Teams channels whenever a scan is run and completed.

Webhook Integration

Generic Webhooks are now available for Organizations on the Enterprise Plan. Send Scan Results to third-party systems (collaboration tools, incident management platforms, etc.) when a scan completes. Scan Results will be sent in a JSON payload to your configured webhook endpoint.

Fixed
PowerShell Commands

Updated Powershell instructions for the Getting Started steps.

May 5, 2021

StackHawk Platform
Improvement
Integrations

Quickly see what StackHawk enabled workflow integrations you have installed directly from the integrations tab.

Fixed
Audit Payload

A bug was fixed related to certain audit events missing relevant details in their messages.

April 23, 2021

StackHawk Platform
Added
(Enterprise) Audit Log

View an audit log of all activity within your organization, including when users join and leave your organization, when scans have been kicked off, when findings are triaged, and more!

Improvement
Validate Findings

All scan findings can now be validated. Alerts from HawkScan can be recreated with the Validate button in the Findings tab.

HawkScan Version Tooltip

Jump into HawkDocs to learn how to update HawkScan when your version is out of date via a tooltip on the Scan Details page.

Fixed
App Redirects

A bug was fixed related to following scan link urls in expired browser sessions.

April 22, 2021

HawkScan (0.11.4)
Added
GraphQL Spider Progress

Percentage complete progress output to the terminal for long running GraphQL spiders.

Improvement
Threshold Exit Code 42

When the finding threshold has been reached return exit code 42 so it can be distinguished from an unsuccessful scan with an exit code of 1.

Fixed
Inaccurate Finding/Triage Counts

Fixes the finding and triage counts not being accurate in the HawkScan terminal output.

Remove Stacktrace From Terminal Output

Removed the stacktrace from the terminal output when an incorrect applicationId is specified in the stackhawk.yml.

Redact Credentials From Terminal Output

Redact the authentication credentials from the terminal output on authentication failure.

Race Condition

Fixed an intermittent race condition when sending the final scan results to the platform.

Removed
Deprecated GraphQL Fields

The deprecated graphqlConf fields batchQueries and introspection have been removed from the terminal output banner.

April 13, 2021

HawkScan (0.11.0)
Fixed
HawkScan failureThreshold

Fixes an error when you configure failureThreshold in your application config. HawkScan will now exit correctly with this configuration.

April 6, 2021

StackHawk Platform
Added
Support Modal

Having issues with the StackHawk web app? Can’t seem to get HawkScan configured? By clicking on your username in the sidebar you can find easy access to HawkDocs and how to contact our support team.

Keyboard Control for Integrations

The tables, buttons and dropdowns of the Integration pages are now able to be controlled with a keyboard.

Fixed
App Creation Wizard Display

The Application ID will be displayed without overlapping its field boundaries in the App Creation Wizard.

March 30, 2021

HawkScan (0.10.0)
Added
SOAP API Support

Use the app.soapConf configuration section to specify a local or hosted SOAP WSDL to configure the scanner to scan your SOAP endpoints. app.soapConf

All your inputs are belong to us

Set the app.autoInputVectors=true to ensure only the correct data types are used when scanning your API. This will help increase accuracy and completeness of the scan.

Improvement
New OpenAPI Conf section

The app.api section is being deprecated in favor of app.openApiConf to allow for easier configuration and expanded options when scanning an OpenAPI based API. app.openApiConf

OpenAPI scanning improvements

When scanning an OpenAPI-based API, HawkScan will automatically detect and configure any data driven nodes in your API spec. This allows the HawkScan to avoid rescanning repetitive paths in your site tree as well as detect and scan sub paths. The overall effect is a more complete and accurate OpenAPI scan.

Scan Speed + Accuracy

When scanning an API use the StackHawk Platform Technology Flags in combination with app.autoPolicy and app.autoInputVectors to get the most out of your scan. The combination will inform the scanner of the most accurate approach to attacking your application. We've seen a dramatic reduction in false positives, reduced scan times on large API's, and an increase in harder to find vulnerabilities when using these options together on API scans.

March 23, 2021

StackHawk Platform
Added
Keyboard Control

Users who navigate the app without a mouse will be able to perform any action a keyboard and mouse user can.

(Enterprise) Download Scan Results

Download Scan Results as JSON from Scan Details page.

(Enterprise) SAML Support

SAML authentication and authorization for accessing the StackHawk platform. Contact our sales team to learn how to add this for your organization.

Improvement
Single SignOn

Members and account settings pages are updated for Single SignOn users.

Lazy loading and dependency management

Users will not load specific routes or dependencies until they need them.

Findings Management History

Findings Management History displays full history of the status of a finding.

Mobile Display on Finding Details page

Fixed
Getting Started on Free Tier

Free tier users can navigate getting started flow again without getting stuck by an Upgrade modal.

Findings Path Display

Determines the validity of URIs displayed on the Finding Details page.

February 26, 2021

StackHawk Platform
Added
New Integrations

Find documentation on the StackHawk Spinnaker, Buildkite and Bitbucket Pipeline Integrations from the Integrations tab.

Improvement
Application Creation

Application creation experience includes a step-by-step wizard to guide users through scanning their first app.

Usability and Display Improvements

Improvements across the app to increase usability and display of technology flags checkboxes and the Scans and Findings tables.

Accessibility Improvements

Keyboard control improvements made to the multi-select components in the web app, as well as improved control of the left hand Welcome panel.

Fixed
Finding Details Sorting

Finding Details on the Print Scan page are sorted by severity.

Finding Details Display

Resolved an issue where the Finding Details page would get confused when switching between GraphQL and REST scans.

February 15, 2021

HawkScan (0.9.0)
Added
app.autoPolicy flag for API scans

When scanning a web API like OpenAPI or GraphQL you can use the `app.autoPolicy` flag to load an optimized policy for the API type. This can help increase scan speed and reduce false positives when scanning web endpoints that do not serve HTML/Javascript. app.autoPolicy

Improvement
Realtime streaming of scan findings to the platform

As security findings are found during a scan they will be sent to platform for imediate viewing.

GraphQL Spider query improvement

The GraphQL spider process will generate queries to retrieve nested object fields that may contain data leaks... we see you.

Fixed
Obscure error when using includePaths

Addressed an issue using includePaths that causes the spider to fail resulting in an obscure error on the terminal.

February 15, 2021

StackHawk Platform
Added
Technology Flags

Optimize HawkScan by applying custom technology flags from the Applications page settings in the web app. Improve scan speeds and reduce false positives by only running tests around the technologies your application uses.

Improvement
Scan Error Display

View scan errors from a tab on the Scan Details page.

Application Creation

Include http for an application’s host name if not present, and added a button to easily copy Docker commands.

Fixed
Integrations Data Loading

Updated logic for Jira and Slack integrations to avoid unnecessary authentication for the Jira and Slack Integrations pages.

February 4, 2021

StackHawk Platform
Added
Application Creation

Creating a new application in the StackHawk web app has never been smoother. Add an app from the Applications page for an optimized application creation experience.

Improvement
Environments Table Graph

Who doesn’t like colorful bar graphs? View the environments table on the Applications page for a truncated version of the StackHawk graphs you know and love.

Fixed
Type Errors and Warnings

Removed code that was falsely causing a few too many logging errors and added some boundaries around a type error in the onboarding flow.

January 26, 2021

StackHawk Platform
Added
GraphQL Findings Table

Scanning your GraphQL app? The Finding Details page will now display the operation and operation name around each finding.

Improvement
Sample App Onboarding Wizard

Scanning Google Firing Range for the first time is easier than ever. Updates to the onboarding modal include navigating between steps of the modal, copying shell commands and other minor visual improvements.

Plugin Table Loading State

The plugin summary table of the Scan Details page now has a loading state.

Finding Details Right Panel

The right panel on the Finding Details page is now open by default.

Changing Organizations

The profile menu in the sidebar has made it even easier to switch between multiple organizations, and a new loading animation has been added when switching organizations.

Fixed
Limit User Sessions

Fixed a bug where the platform got confused if you were logged into more than one account at the same time.

Google Firing Range Banner Display

Updated logic around displaying a banner in the Applications page allowing a new user to scan the Google Firing Range app.

Usability and Display Improvements

Improvements across the app to increase usability and performance of the Finding Details panel and tab display.

January 21, 2021

HawkScan (0.8.38)
Added
Added testPath.requestHeaders parameter to stackhawk.yml

The authentication testPath.requestHeaders is a map of extra headers to include in your testPath configuration. This is useful when using a POST route that requires JSON or some other Content-Type for requestBody.

Improvement
Updated ZAP to the latest version 2.10

Hawkswcan has been upgraded to use ZAP 2.10 the latest stable release. zap-extensions

Updated scan plugins from zap-extentions

Updated to the latest scanner plugins zap-extensions

January 12, 2021

StackHawk Platform
Added
Sample Application Onboarding

New users who load Google Firing Range sample data can view a modal wizard which will walk them through how to scan the Firing Range App on their own.

Multiple Organizations

A user can now join multiple organizations, and switch between organizations by using the organization switcher in the left hand nav located under your profile picture.

Improvement
User Invites

The user invite flow has been improved to ensure the user knows the difference between joining an organization and creating a new account.

GraphQL Support

On the Finding Details Page, the GraphQL Response Body in the right panel has been reformatted.

Fixed
Finding Details Page

A selected Finding List Item will stay selected upon the Right Panel opening.

Create New App Modal

After creating a new Application from the Applications Page, the Application ID can now be visible in the Create New App success modal.

Datadog Integration

Who let the dogs out? A user can now see who enabled their organization’s Datadog integration.

December 18, 2020

StackHawk Platform
Added
Real Time Scan Progress

Ready, set, scan! Once a HawkScan is in flight, see real time scan progress in the StackHawk web app. The Scans page displays overall scan progress. Navigating to the Scan Details page provides insight to the plugins and tests HawkScan is running, as well as details on any errored or successful scans.

December 14, 2020

StackHawk Platform
Improvement
Plan Users Selection

Save yourself some clicks! Input the number of users you’d like to include in your plan - via keyboard or mouse.

Findings Details page

Uncategorized alerts would disrupt the display of metadata on the Finding Details page.

Fixed
Usability and Display Improvements

Improvements across the app to increase usability and performance of the onboarding flow, integrating with Slack and using StackHawk on Safari.

December 8, 2020

HawkScan (0.8.28)
Improvement
Updated scan plugins from zap-extentions

Updated to the latest scanner plugins which address a number of bugs and false positives. zap-extensions

Fixed

The hawk.failureThreshold can now be set to high, medium, or low. If any alerts are found a for the supplied threshold, or higher, the scan will fail and output the count of alerts at or above the configured threshold.

Crashes due to conflicting virtual frame buffer lock files in docker compose environments

In some scenarios running hawkscan in a docker compose environment, an existing Xvfb lock file can be present without the process. Avoid this by detecting X11 lock state and choosing an available id.

December 5, 2020

StackHawk Platform
Added
New Plans!

We are shaking the tree at StackHawk! We are now offering a free plan and a Pro plan to meet the needs of all kinds of customers, from seasoned hawks to spring chickens. Check out our pricing page

GraphQL Findings

Scanning your GraphQL application? The StackHawk web app now identifies and displays specifics around your GraphQL queries and variables so you can easily identify your vulnerabilities from the Finding Details page.

Choose Your Own Adventure

Signing up for StackHawk for the first time? Choose your plan and what kind of application you are looking to scan in the Getting Started flow. Load in your application data or check out a scan of the Google Firing Range project to familiarize yourself with the platform.

Improvement
Scan Overview

Welcome to the improved Scan Details page! Take a look at the improvements around the Scan Overview - we’ve added a new graph and display to help you identify the criticalities of the vulnerabilities in your application.

Filtered Scan Results

Click on the environment name from the Applications page to see a filtered view of your Scans specific to that application and environment.

Nudges

New to the StackHawk web app? We'll highlight some of the awesome features of the application for you. Look for the glowing buttons!

Fixed
Usability and Display Improvements

Improvements across the app to increase usability and performance of the login flow, display in various browsers and responsive behavior. Sometimes the Getting Started flow didn’t load to help users get started.

November 24, 2020

HawkScan (0.8.26)
Added
Memory Management

Performance and stability improvements when scanning large sites.

November 23, 2020

StackHawk Platform
Added
StackHawk Free Tier

If you are an individual developer looking to get the application security basics under your belt, our all-new free tier was built just for you. In this single user plan, you will get all the best parts of StackHawk's Team plan. You can run scans and manage findings for a single application and receive weekly updates.

Improvement
Usability and Display Improvements

Improvements across the app to increase usability of Announcements panel, Slack Integration and Settings pages.

November 10, 2020

StackHawk Platform
Added
Recaptcha Verification on Account Signup

Email signups will now be verified with reCaptcha v3 technology because bots are sneaky.

Fixed
Jira Integration

Fixed a bug with the Jira Integration when sending findings to Jira next-gen projects, the integration now uses the correct “Bug” issue type enabled for the project.

November 9, 2020

StackHawk Platform
Added
Release Notes Nudge

See a visual indicator in the web app sidebar when new release notes have been published

Findings Status History

View who last updated a finding’s status from the Findings Details page panel Activity tab

Improvement
Usability and Display Improvements

Improvements across the app to increase usability of Announcements panel, Findings Details table, Login and Settings pages

Fixed
Adding Applications with Low Risk Level

Applications with a risk level of low can be added in the Getting Started flow and Applications page

October 30, 2020

StackHawk Platform
Fixed
Bug Fixes

We broke the validate button. In this release, we fixed it. Various other bug fixes and improvements.

October 29, 2020

StackHawk Platform
Added
Print Scan Report

Print or download a report of scan findings for an application and environment from the Scans and Scans Details pages.

Opt out of weekly emails

Opt out of weekly emails from the Notifications panel of the Settings page.

Improvement
Usability and Display Improvements

Improvements across the web app to increase usability of scrollbars, form fields, mobile display, announcements panel and table spacing

October 20, 2020

StackHawk Platform
Improvement
HawkDocs

HawkDocs have been updated with a new design, dark mode, and responsive mobile layouts. Check out the Updated Docs

October 19, 2020

HawkScan (0.8.16)
Improvement
Configuration controls for file-based GraphQL schemas

HawkScan was released with improvements to the GraphQL vulnerability scanner configuration to support scanning with file-based schemas.

October 14, 2020

StackHawk Platform
Added
Application Table View

Listed Applications can be viewed as a table, rather than cards, in the StackHawk platform. This creates more real estate for organizations with many applications.

Remove users from the Organization

Organization owners can now remove users from their org.

Application metadata

Assign Risk Level and Data Type for your applications from the Applications page of the StackHawk platform.

Improvement
Scan Details Page

When viewing the scan details page, the version of HawkScan alongside whether an update is available is displayed.

Release Notes in HawkDocs

Review the StackHawk and HawkScan release notes from the official documentation. Read our Release Notes

Fixed
Jira Actions

Taking Jira actions on the Findings page has been improved on the paths table and details panel. Jira tickets search has been optimized.

Errored Environment Cards

When an error occurs during a scan the associated environment card on the Applications page will accurately display an errored state.

October 13, 2020

HawkScan (0.8.14)
Fixed
Scanning urls without a specified port

HawkScan was released with a fix to support scanning endpoints that don't specify a port.

October 12, 2020

HawkScan (0.8.12)
Added
Include Paths

Hawkscan will now accept the `app.includePaths` configuration, specifying any routes the scanner should visit. Read the docs

Improvement
Error Handling

Hawkscan will now send additional telemetry and improved exception introspection.

September 25, 2020

StackHawk Platform
Added
Weekly Summary Emails

Organization owners will now see a weekly email containing summaries of your weekly activity using StackHawk

Datadog Integration

Send your StackHawk scan notifications to Datadog. Read the docs

Keyboard Navigation

Accessibility improvements around navigating the StackHawk platform via keyboard

Applications Page Table View

View your applications and environments in a compact view from the Applications page

Improvement
Getting Started Flow

Added clarity around the steps of the Getting Started flow, as well as the ability to skip the Getting Started flow

PowerShell Commands

The StackHawk application will detect your operating system and display the proper set of command-line shell commands

Applications Page Display

Applications page display on mobile and tablet size screens has been updated to improve usability

Finding Details Panel Stickiness

Panel will now persist user’s choice of viewing request or response metadata for a specific finding

Placeholders

Placeholder UI implemented for API key table, members table and account info pages

Fixed
App creation wizard modals will not overlay on each other

Application filters

Application filter shows application name instead of ID when navigating to the Applications page with query strings in the URL

Hover state color in dropdown menus

September 10, 2020

HawkScan (0.8.10)
Improvement
GraphQL file loading

Support using GraphQL schema from file

September 1, 2020

StackHawk Platform
Added
GA Release

August 28, 2020

StackHawk Platform
Fixed
Toast Notifications

Toast notifications now display error messages, in addition to success confirmations when taking action on scan findings

August 27, 2020

HawkScan (0.8.8)
Improvement
Error Logging

Use python `print()` in most places - errors still use the logging mechanism

Fixed
Terminal Output Colors

term_color flag is checked in the Logger module to respect colored output in the terminal

August 24, 2020

StackHawk Platform
Improvement
Billing

Improved access to the billing page from the account settings view

Slack Integration

Connect StackHawk with Slack and receive notifications on HawkScan events Read the docs

August 24, 2020

HawkScan (0.8.6)
Added
Terminal Output Colors

Adds colors and logging for YAML exceptions and clear color delineation for problem items in the YAML config

Improvement
Configuration Loader

Update the config loader to include the filename with the stream

Exception and Error Handling

Add new exception type for YAML exceptions, granulate the exception handler on the top level and add generic log output controls for info and error

Removed
ZAP False Positives

Disables certain zap plugins causing false positive reports in scanned applications

August 20, 2020

HawkScan (0.8.4)
Improvement
Improved GraphQL scanning support

Fixed
Auth recheck on long running scans

Modified HawkScan memory settings

August 17, 2020

StackHawk Platform
Added
Billing

Choose between the Startup, KaaKaww, or Enterprise Plans on the StackHawk settings page

Bamboo Integration

Find documentation on the StackHawk Bamboo Integration from the Integrations tab

Improvement
Findings Management Controls

Improved display of findings status in the right panel, linking to Jira from the right panel and updating status experience

Settings page routing

Each page of the settings menu has a dedicated URL

Fixed
Applications Card Display

Increased size of the kebab button on the cards of the Applications page

Getting Started Flow

Refreshing the page during the Getting Started flow will preserve your progress in the flow

August 17, 2020

HawkScan (0.8.2)
Fixed
Bug related to scanning for organizations without a subscription

August 17, 2020

HawkScan (0.8.0)
Added
Check for valid subscription when scanning

Improvement
Copy in terminal scan results output text

August 3, 2020

StackHawk Platform
Added
Pagination

Data returned for Findings and Scans tables is paginated to improve performance of unbounded data lists

Password Reset

Reset your password for accessing the StackHawk platform from the profile page

Improvement
Settings Navigation

Settings navigation is optimized for mobile and small screen sizes

Graph Popover

Hovering over the graphs on the Applications page will display details of a specific scan

Applications Options

From the Applications page view your latest scan results for a specific application by choosing one of the options in the kebab menu

July 22, 2020

StackHawk Platform
Added
Applications and Environments Overview

See current status, history of past scans, and manage your applications and environments via the Applications tab in the sidebar

Improvement
Finding Details pagination

Findings Details page contains pagination controls

Mobile UI

Modals display has been improved for usability on smaller screen sizes

Fixed
Cleanup Jira page request to remove excessive calls to get Jira projects and issues

July 13, 2020

StackHawk Platform
Added
Jira Integration

Integrate with your Jira Software instance to manage your appsec bugs by assigning and linking to Jira tickets Read the docs

Scan Filtering

Filter scans in the Scans List by Application and Environment

Integrations

New link to Azure Pipelines HawkDocs

Improvement
Findings Management

Scan findings URLs are now sorted alphabetically as well as by status

June 29, 2020

HawkScan (0.7.2)
Added
Header Replacer Support

Enables manipulation of request headers to better support apps running behind a proxy

GraphQL Config Section

Support for tuning the GraphQL introspection process

Rate Limiting Controls

Provides more control over the aggressiveness of the scanning capability

Kotlin Scripting Support

ZAP open source contribution for Kotlin support

Passthrough Config Support for ZAP

Supports advanced ZAP configuration via StackHawk YAML

Improvement
GraphQL Introspection

More support for enumeration types and improvements to the test query builder

Flexible logging control for ZAP

Adds support for debug logging

Transparent localhost proxy instead of url rewriting

Better support for scanning localhost networking scenarios and reverse proxies

June 19, 2020

StackHawk Platform
Added
Paths tab

Assess completeness of scans by reviewing all paths scanned by HawkScan

Integrations

New links to Concourse CI and Github Actions HawkDocs

Improvement
Findings Management

Bulk controls UI improvements, findings table UI improvements, and findings are sorted alphabetically

Findings Management Alert Rules

Alert rules are now specific to request method

Scans Table

Pagination controls are accessible at the top of the Scans table

This Announcement Panel!

See specific changes for HawkScan and StackHawk platform

Fixed
Applications Page Results

See up to 100 applications on Applications page

Invite users popup UX fixes

URI Truncation

URI truncation in many places throughout the application for readability

Validate Findings

curl command generated with double quotes around request body

June 6, 2020

HawkScan (0.6.14)
Added
Terminal Output

Scan progress is now printed to the terminal output

GraphQL Querying Improvements

June 5, 2020

StackHawk Platform
Added
StackHawk Authentication

Log in using any email via StackHawk authentication, or OAuth via Google and Github

Improvement
Findings Management

Take action from the Findings Management right panel for triaging your application’s security vulnerabilities

Fixed
App Creation Wizard

Add missing escape characters to downloaded StackHawk.yml from App Creation Wizard

May 29, 2020

StackHawk Platform
Added
This Announcement Panel!

Announcement panel is a source for release notes, social links, docs and submitting feedback

Findings Management

Users may now triage scan findings by marking them as Assigned, Risk Accepted or False Positive

Scans List Table

As part of Findings Management, the scan list will now reflect new findings (not yet triaged) and a count of triaged findings

Improvement
Browser Support and Logout Notification

Users on unsupported browsers will see a new informational page, and users logged out due to inactivity will be notified via toast notification

Faster Performance for Scan Findings Display

May 14, 2020

HawkScan (0.6.6)
Improvement
Support for GraphQL Union and Interface Types

Support OpenAPI and Graphql API Scanning with same Config and App

HawkScan now supports configuration for customers that utilize both OpenAPI spec and GraphQL API scanning

Fixed
Gitlab DAST Report Updates

Customers utilizing the StackHawk integration with Gitlab will now see findings updated in their report dashboard.

May 8, 2020

StackHawk Platform
Added
Curl Attack Regenerator

Users may quickly validate a finding by clicking the “Recreate” button. This generates a curl command that a user may paste into their terminal in debug mode and quickly recreate an attack

Improvement
Improvements to the Getting-Started Page Navigation

Scan List Pagination

Improvements to Mobile Styling

May 8, 2020

HawkScan (0.6.4)
Added
GitLab CI/CD Service Templates

May 4, 2020

StackHawk Platform
Added
Advanced Slack Integration Configuration

You may now configure updates from specific applications to be sent to specific channels in Slack, ensuring that your teams are only getting updates about the applications relevant to their workflow

Fixed
Logout event percolates across all open tabs

Login-timeout redirects will take you to the last requested page instead of the last visited page