Changelog
Tracking updates to the StackHawk platform and HawkScan since 2019
April 16th, 2024
HawkScan (3.8.0)
3rd party/OAuth stackhawk.yml configuration
Most 3rd party/OAuth providers can now be directly configured in the stackhawk.yml without additional authentication scripts.
PKG installer
HawkScan can now be installed via a pkg file for Mac OS.
Hawk Perch
Fixed a bug where HawkScan perch would not run from the Windows Executable version. To run hawk perch browser or hawk perch start --with-chrome on Windows ARM64 versions, the Visual C++ Redistributable needs to be installed. Follow the link below and select the link for the x86 architecture to download the vc_redist.x86.exe installer.
Weak Cipher Detection
Added custom test to check if weak ciphers are enabled on the host during hawk scan.
Preflight CDN Header Check
When HawkScan is run with the --enable-preflight flag, it will detect whether the application may be running behind a CDN.
gRPC Data Generation
Limited the recursion depth of gRPC data generation and added more data types.
HawkScan HTTP Request/Response logging
When HawkScan is run with the --log-http flag, it will log all HTTP requests and responses.
April 15, 2024
StackHawk Platform
Create New Application
This update enhances the clarity of the host URL information and adds a dropdown to specify the required URL format.
Getting Started Page
This newly added page provides key context to help new users get started with StackHawk successfully.
February 29, 2024
StackHawk Platform
Repositories Page
Users can create multiple applications per repository.
Repositories Page
Improvements to the repositories table data display.
Repositories Page
Clicking on the repository table row will navigate users to the repository details page.
Repository Details Page
Dedicated repository details page where users can manage it and its application mappings easily.
February 22nd, 2024
HawkScan (3.7.0)
OpenApi Splitter Max Parameters
Added a flag to the open-api splitter to allow for max parameters in a single file or endpoint.
Browser Detection For Ajax Spider
HawkScan will now check to see if the browser is installed on the OS before running the ajax spider.
Git Checkout Revision
Fixed a bug where HawkScan would error if a branch was specified in the HAWK_GIT_REV environment variable.
Preflight Check (Alpha)
Introduced the --enable-preflight flag, allowing users to run a preflight check during scans. This feature is designed to provide warnings for potential issues in application configurations. Please note that this feature is currently in its alpha stage, and we welcome your valuable feedback to enhance its effectiveness.
New perch start command flags
Added hawk perch start --with-chrome and --with-proxy-info to enable using hawk perch as a recording proxy. Run hawk perch start --help for details.
New perch stop command flag
Added hawk perch stop --har-file=<har file name> to save the perch recorded session as a har file. Run hawk perch stop --help for details.
February 6th, 2024
HawkScan (3.6.0)
HAR file support
Support for using a HAR file or directory of HAR files as the spider for the scan process.
External Command Authentication
Allows for supplying a command to authenticate to the scanned application.
JWT support
Automatically renews JWTs before token expiration.
Additional OWASP API Top 10 Rules
Added checks for Broken Object Property Level Authorization and Broken Function Level Authorization for OpenAPI specifications.
January 29, 2024
StackHawk Platform
Github Integration Page
Added a link to repositories page.
Bug fixes
Various bugfixes and improvements.
January 10, 2024
StackHawk Platform
API Endpoint: Get Application Tech Flags
Added endpoint to get application tech flags.
API Endpoint: Get Application Scan Policy
Added endpoint to retrieve the current scan policy configured for a specific application.
API Endpoint: All StackHawk Scan Policies
Added endpoint to list all available StackHawk scan policies, providing details of each policy.
API Endpoint: Get StackHawk Scan Policy
Added endpoint to return details of a specific StackHawk scan policy.
API Endpoint: Assign Application Scan Policy Plugins
Added endpoint to assign scan policy plugins to an application's scan policy.
API Endpoint: Toggle App Scan Policy Plugin
Added endpoint to enable/disable an app scan policy plugin.
API Endpoint: Update Application Tech Flags
Added endpoint to update technology flags for an application, affecting the behavior of plugins during HawkScan runs.
December 7, 2023
StackHawk Platform
Upgraded to React 18
The StackHawk UI now soars on React 18, bringing enhanced performance and innovation! Tonight, the engineering flock rests as their dreams of this upgrade take flight!
November 21, 2023
HawkScan (3.5.0)
OWASP API Top 10 Security Testing (Beta)
HawkScan now has experimental support for testing for Broken Object-level Authorization and Insecure Direct Object Reference vulnerabilities. Using the OpenAPI - Experimental named scan policy will test for these vulnerabilities.
Data usage improvements
Improved disk usage and network throttling when running HawkScan in memory constrained environments.
Pipeline Scanning
Added a --no-progress CLI flag to hawk scan to disable progress bars when running HawkScan, ideal for scanning in CI pipelines.
Check Target Host
Fixed a bug in the check that a scanned host has started when app.waitForAppTarget.path is configured.
November 15, 2023
StackHawk Platform
Finding Details Page
Enhanced vulnerability descriptions with clear remediation steps, risk details, and multi-language code examples.
Repositories Table
General improvements to the functionality of the repositories table.
Filtering Apps, Envs, and Teams
Fixes a bug in all filters when an app, env, or team is deleted.
November 14, 2023
StackHawk Platform
Security in Jira Integration Issue Linking
Issues created for vulnerabilities in Jira are now automatically linked to StackHawk scan finding paths.
October 31, 2023
StackHawk Platform
Repositories Page
GitHub Insights is officially GA.
Repositories Page
Users can filter their repositories by languages and topics.
Repositories Page
Archived and forked repositories will be hidden by default. Use the toggle to explore all hidden repositories.
October 24, 2023
StackHawk Platform
Repositories Beta
Updates to improve the filtering and sorting of the Repositories table.
Selected Repositories Counter
Now view how many repositories you have selected next to the Create Applications button.
October 18, 2023
StackHawk Platform
Teams and Users Pages
Teams and Users are now included in the left hand navigation for quicker access.
Toggle Hidden Repositories
Hide and show hidden repositories using our new Hidden toggle on the Repositories page.
Repositories Languages and Topics
View what languages and topics a repository is using by clicking in the table and getting a run down in the right panel.
Policy Management Docs Link
Policy Management Documentation is now directly linkable from the Policy Management and Application Settings pages.
Archived and Forked Repositories
Repositories will now have an icon to indicate if they are forked or archived.
October 11, 2023
StackHawk Platform
Hide Forked and Archived Repositories
Forked and Archived repositories will be hidden by default on the Repositories page.
October 3, 2023
StackHawk Platform
Scan Details
We improved the way you save your Tech Flags in the Optimization Panel.
Repositories Page
We added a hyperlink that will take you to the scan details of the last scan from the Repositories page.
October 3, 2023
HawkScan (3.4.0)
Support for Root CA Certificates for Transparent proxies
Users can now configure the path to their Root CA Certificate in the stackhawk.yml file, and HawkScan will dynamically load that certificate for communication through a transparent proxy.
JSON Schema Validation for HawkScan Config
Fixed an issue where HawkScan config validation was caught in a loop and never completed.
Validate Auth Command
Fixed an issue where the validate auth command was not working.
September 26th, 2023
StackHawk Platform
Org Details
Team Members can now see their Organization ID in the Organization Details tab of their Settings.
Repositories Page
The columns of the Repositories table are now sortable.
September 12th, 2023
HawkScan (3.3.0)
Hawk Create App
HawkScan now has the ability to create applications from the command line.
Hawk CLI Colors
HawkScan now sports more colorful terminal output, and shows a progress bar when discovering large OpenAPI specifications.
Include & Exclude Paths
Include and Exclude Path configuration now applies to OpenAPI specifications. Paths in an OpenAPI specification will not be discovered if they are excluded, and will only be discovered if they are included.
GraphQL Scanning
Fixed a bug when scanning with large GraphQL API schemas causing HawkScan to not finish correctly.
Include & Exclude Paths
Fixed a bug where Include and Exclude Paths would not be respected on Windows, or could find no results with conflicting entries.
Logging improvements on Windows
HawkScan logs to the .hawk/logs directory in the user home directory on Windows.
August 31st, 2023
StackHawk Platform
GitHub Insights Beta
GitHub Insights Beta Launch! Connect your GitHub repositories to StackHawk applications. Track StackHawk scans in context with code repositories, bulk create applications to scan from these repositories, and invite code contributors into the platform all in one place.
July 7th, 2023
StackHawk Platform
Optimization Panel
There were a few types of API documentation that were not being included in scan discovery for optimization tips. Now, GraphQL, gRPC, and SOAP APIs will all count towards having scan discovery enabled.
Applications and Scans Pages
The empty states for the Applications Page and the Scans Page will now prompt you to make and configure your Applications, and invite more hawks to your nest.
Applications and Scans Pages
For organizations on the StackHawk enterprise plan, owner & admin roles can now create new teams directly from the Teams dropdown on the Applications and Scans pages.
July 6th, 2023
HawkScan (3.2.0)
Hawk Perch
Added experimental support for running HawkScan as an ongoing daemon process for authentication validation.
Multiple external Cookie and Token Support
Added support for supplying multiple cookies and tokens.
Custom Test Data
Improved custom value injection for more granularity when scanning OpenAPI, gRPC or GraphQL APIs with HawkScan.
HawkScan Configuration from Url
It is now possible to run HawkScan configured with a url to a stackhawk.yml file.
gRPC Scanning
Fixed a bug that prevented scanning gRPC applications over TLS.
Rogue Zap Process
Fixed a bug where HawkScan could fail to start if a Zap process had not previously been stopped or was running as a daemon with hawk perch.
Configurable Redaction List
Fixed a few bugs where error or debug logging of messages from Zap would not have headers fully redacted when configured.
Outbound Proxy Support
A variety of bugfixes supporting outbound proxy behavior, particularly when running HawkScan with proxy support on Windows.
June 28th, 2023
StackHawk Platform
Optimization Tips
The scan details page now displays our new Optimization Tips panel which houses key feature configuration advice to improve your scan speed and accuracy. We've also added the optimization icon to the application environment cards so you can quickly identify which configurations need your attention. This is available only for Pro and Enterprise plan.
Getting Started
We would love to know a little more about you, so we've added a role collection to the signup page. This will help us continue to improve our experience.
Create New App
Because we know that sometimes getting the details of a new application requires the help of your developers, we've added quick access to the user invite flow directly to the create an app wizard.
May 26th, 2023
HawkScan (3.1.0)
Configurable Redaction List
Added support for defining values in the stackhawk.yml to be redacted from HawkScan logs.
Outbound Proxy Support
Added support for HawkScan to be used with an outbound proxy.
Improved Networking
Updated and optimized networking libraries.
Fixed HawkScan Logs on Windows
Fixed a bug with the location of HawkScan logs on Windows.
May 26th, 2023
StackHawk Platform
Security in Jira Integration
StackHawk now supports Atlassian Security in Jira functionality with the existing Jira Cloud add-on.
Jira Data Center Integration
StackHawk has deprecated support for the Jira Data Center Integration.