Add the API Key as a repository secret

Much like everything in life requires more cowbell, HawkScan requires an API Key to run a test. This API Key (generated in step 1) identifies your account and grants you access to use HawkScan. Luckily, you can add your API Key to GitHub as a secret, so it can be used safely during the GitHub Action of running the test. How convenient is that?

To add the API Key as a repository secret:

  1. In your Javaspringvulny fork, click the Settings tab.
  2. Click Secrets > Actions in the main navigation.

    Repository secrets in GitHub

  3. Click New repository secret.
  4. Enter HAWK_API_KEY for the New secret Name.

    NOTE: This name must match the name for the variable used in the GitHub Action workflow file. See step 6.

  5. Add your StackHawk API Key for the Secret.
  6. Click Add secret.

Next, go back to StackHawk and get an Application ID.