Open a PR and run a HawkScan Test

For the test to run, you must add the Application ID for the Javaspringvulny Application you created in StackHawk to your HawkScan configuration file. You can edit the HawkScan configuration file directly in GitHub. The GitHub Action workflow file you added to your Javaspringvulny fork (stackhawk-actions-workflow.yml) will run when a Pull Request (PR) is opened to update the main branch in the repository. Once you open a PR to update the HawkScan configuration file with your changes, the GitHub Action will run and HawkScan will test the application. Like magic . . .

To open a PR and run a HawkScan test:

  1. Click the Code tab to go to the code view of your Javaspringvulny fork in GitHub.
  2. Click the stackhawk-actions.yml file, and click the icon to edit the file.
  3. Paste the App ID you copied in step 4 as the applicationId value.

  4. Select Create a new branch for this commit and start a pull request, and click Propose changes.

  5. Click Create pull request.
  6. Click Create pull request.
  7. Click Details for the StackHawk Actions / stackhawk-hawkscan (pull_request). You will see the GitHub Actions workflow logs running the following:
    • Set up job
    • Check out Repo!
    • Build and Run Vulny!
    • HawkScan
    • Post Check out Repo!

Next, go back to StackHawk and view your results.