Much like everything in life requires more cowbell, HawkScan requires an API Key to run a test. This API Key (generated in step 1) identifies your account and grants you access to use HawkScan. Luckily, you can add your API Key to GitHub as a secret, so it can be used safely during the GitHub Action of running the test. How convenient is that?
To add the API Key as a repository secret:
- In your Javaspringvulny fork, click the Settings tab.
Click Secrets > Actions in the main navigation.
- Click New repository secret.
- Enter HAWK_API_KEY for the New secret Name.
NOTE: This name must match the name for the variable used in the GitHub Action workflow file. See step 6.
- Add your StackHawk API Key for the Secret.
- Click Add secret.
Next, go back to StackHawk and get an Application ID.