Frequently Asked Questions
Common questions about configuring StackHawk, running scans, interpreting results, and integrating with your development workflow.
StackHawk is a dynamic application security testing (DAST) platform that finds vulnerabilities in running applications and APIs. It consists of HawkScan (the scanner that runs against your applications) and the StackHawk Platform (where results are analyzed and managed). The scanner identifies security issues before code reaches production.
Install HawkScan using our platform-specific installers: brew for macOS, the Windows installer for Windows, or the ZIP package for Linux. Once installed, verify it’s working with hawk --version in your terminal. Our macOS and Windows installers include the required Java 17+ runtime.
To run your first scan, you need: a StackHawk account, the HawkScan CLI installed, an API key (obtained during account creation), a running application to scan (or use our sample applications), and a basic stackhawk.yml configuration file pointing to your application.
StackHawk can scan traditional web applications, single-page applications (SPAs), REST APIs, GraphQL, SOAP, and gRPC services. It’s designed for modern architectures including microservices and works with applications built in any programming language.
For APIs, specify your API type in the stackhawk.yml file and provide API definition files like OpenAPI/Swagger specs or Postman collections. This helps HawkScan understand your API structure and test endpoints more effectively than relying on discovery alone.
Yes! StackHawk is specifically designed for CI/CD integration. We provide dedicated plugins and actions for GitHub, GitLab, CircleCI, Jenkins, and other CI systems. This enables automated security testing with every build or pull request.
Optimize scans by configuring Technology Flags to focus only on relevant technologies for your application, using API definition files rather than relying solely on discovery, and setting appropriate scan scope with include/exclude patterns in your configuration file.
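As an added illustration, not configuration taken from StackHawk's own documentation, the following stackhawk.yml ties together the basic file mentioned above, the API definition file, and the include/exclude scoping: it points HawkScan at a running application, supplies an OpenAPI spec so endpoints are tested rather than only discovered, and excludes paths that would disrupt the scan. The key names reflect my understanding of the HawkScan configuration schema and are an assumption to verify against the current reference; the application ID, host and paths are placeholders.

```yaml
# Added example stackhawk.yml (not from the StackHawk docs). Key names are
# assumed from the HawkScan schema; check them against the reference before use.
app:
  # Placeholder: replace with the application ID from your StackHawk account.
  applicationId: 00000000-0000-0000-0000-000000000000
  env: Development
  # The running application (or sample app) HawkScan should test.
  host: http://localhost:3000
  # API definition so the scanner tests the documented endpoints instead of
  # relying on discovery alone. Use a URL path on the host, or a local file.
  openApiConf:
    path: /openapi.json
  # Scope control: keep the scanner off paths that would end the session
  # or are out of scope for this application (regex patterns, assumed).
  excludePaths:
    - /logout
    - /admin/.*
hawk:
  spider:
    # With a complete API spec, the base spider adds little; disabling it
    # shortens the scan.
    base: false
  scan:
    # Cap the scan so a CI job cannot run unbounded.
    maxDurationMinutes: 30
  # Fail the build when findings at or above this severity are reported.
  failureThreshold: high
```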
Yes, customize scanning using scan policies. You can select which vulnerability tests to enable/disable based on your application needs. This helps reduce scan time and false positives while focusing on security issues most relevant to your application.
Yes, StackHawk works great with containerized applications. You can run HawkScan as a container alongside your application containers, and we provide Helm charts for Kubernetes integration. This makes it easy to test applications in containerized environments.
StackHawk detects all OWASP Top 10 vulnerabilities including injection flaws, broken authentication, sensitive data exposure, broken access control, security misconfigurations, cross-site scripting (XSS), and more. The platform is regularly updated with new security tests.