Upgrading to HawkScan 4.0.0
HawkScan 4.0.0 has been released. It is a major upgrade and includes some breaking changes.
You do not have to upgrade to HawkScan 4.0.0 yet; HawkScan 3.x.x versions are still supported.
This page covers the breaking changes you may encounter when upgrading, how to resolve them, and how to keep using the older HawkScan 3.9.0 if you’re not ready to upgrade.
Breaking changes
There are a few breaking changes in HawkScan 4.0.0 that will require you to make some changes to your runtime configurations and scripts if you use them.
Docker image
The HawkScan docker image stackhawk/hawkscan:4.0.0 has been updated to reflect the change in our scan engine from ZAP to HSTE, which you can learn more about here.
Due to this change, we’ve updated the default user of our docker container from zap to steve.
Who’s Steve? StackHawk’s hawk mascot has a name, and it’s Steven S. Hawk, which is why we’re using steve as the username.
The changes made to the docker container are as follows:
- Default working directory: /zap -> /steve
- Username: zap -> steve
- User’s home directory: /home/zap -> /home/steve
Supported Java versions
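HawkScan 4.0.0 requires a minimum version of Java 17 and supports up to Java 21.
NOTE: Java 22 is NOT supported yet.
If you see an error similar to the following, you’ll need to install a compatible version of Java. In this example the class was compiled for Java 17 (class file version 61.0) and the runtime in use is Java 11 (class file version 55.0).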
java.lang.UnsupportedClassVersionError: com/stackhawk/hste/Bootstrap
has been compiled by a more recent version of the Java Runtime (class file version 61.0),
this version of the Java Runtime only recognizes class file versions up to 55.0
HawkScan Action
When using the HawkScan GitHub Action, you’ll need to include an install step for a compatible version of Java, as the ubuntu-latest runner uses Java 11 as its default version.
- uses: actions/setup-java@v4
  with:
    distribution: 'temurin'
    java-version: '17'
Azure Extensions
When using the Azure Extension, you’ll need to include an install step for a compatible version of Java.
# update pipeline to use the correct version of Java
- task: JavaToolInstaller@0
  inputs:
    versionSpec: "17"
    jdkArchitectureOption: "x64"
    jdkSourceOption: "PreInstalled"
Zip or Brew Installers
When using the Zip file install be sure to install a compatible version of Java, like Java 17.
If using brew, run the following command to install Java 17.
brew install openjdk@17
HawkScan Scripts
Due to the change from ZAP to HSTE, the package names of dependencies in HawkScan scripts have changed.
If you see an error similar to the following, you’ll need to update the package names in your script imports as follows.
Example error
TypeError: Access to host class org.zaproxy.zap.authentication.AuthenticationHelper
is not allowed or does not exist.
Package name change
- org.zaproxy.zap -> com.stackhawk.hste
- com.stackhawk.zap -> com.stackhawk.hste
Example name change
- Old: org.zaproxy.zap.authentication.AuthenticationHelper
- New: com.stackhawk.hste.authentication.AuthenticationHelper
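An added example, not StackHawk’s own tooling: a dry-run migration helper that finds the two old package prefixes listed above in script files and rewrites them to com.stackhawk.hste. The .js/.kts suffixes, the sample script and the com.stackhawk.zap.extension.Example class name are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Renames listed on this page: both old prefixes map to com.stackhawk.hste.
NEW_PREFIX = "com.stackhawk.hste"
# Match a prefix only as a whole package name, so "org.zaproxy.zapper" or
# "xorg.zaproxy.zap" are left alone.
OLD_PREFIX = re.compile(r"(?<![\w.])(?:org\.zaproxy|com\.stackhawk)\.zap(?!\w)")

def migrate_source(text):
    """Return (rewritten_text, changes); changes holds (line_no, old, new)."""
    changes, out = [], []
    for no, line in enumerate(text.splitlines(keepends=True), start=1):
        new = OLD_PREFIX.sub(NEW_PREFIX, line)
        if new != line:
            changes.append((no, line.strip(), new.strip()))
        out.append(new)
    return "".join(out), changes

def migrate_tree(root, suffixes=(".js", ".kts"), apply=False):
    """Report (and with apply=True, rewrite) scripts under root.
    The suffixes are an assumption about how your scripts are named."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in suffixes:
            continue
        new_text, changes = migrate_source(path.read_text(encoding="utf-8"))
        if changes:
            report[str(path)] = changes
            if apply:
                path.write_text(new_text, encoding="utf-8")
    return report

# Constructed sample script, not taken from a real project.
SAMPLE = (
    'var AuthHelper = Java.type("org.zaproxy.zap.authentication.AuthenticationHelper");\n'
    'var Legacy = Java.type("com.stackhawk.zap.extension.Example");\n'
    'var other = "org.zaproxy.zapper.Unrelated";\n'
)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: migrate.py SCRIPT_DIR [--apply]
        result = migrate_tree(sys.argv[1], apply="--apply" in sys.argv[2:])
        for path, changes in result.items():
            for no, old, new in changes:
                print(f"{path}:{no}\n  - {old}\n  + {new}")
    else:
        print(migrate_source(SAMPLE)[0], end="")
```

Run it without --apply first and review the reported lines before letting it rewrite files.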
I’m not ready to upgrade
If you’re not ready to upgrade, or the breaking changes create work you’re not ready to prioritize, you can keep using HawkScan 3.9.0 by pinning the version of HawkScan in your preferred runtime.
Docker
If you use the docker image for running scans, set the tag to 3.9.0, e.g. stackhawk/hawkscan:3.9.0.
HawkScan GitHub Action
If you’re using the HawkScan GitHub Action, set the following variables on the HawkScan action configuration.
- name: Run HawkScan
  id: run-hawkscan
  uses: stackhawk/hawkscan-action@main
  with:
    sourceURL: https://download.stackhawk.com/hawk/cli
    version: 3.9.0
Azure Extensions
If you’re using the Azure Extension, set the following variables on the HawkScan Install and Run configurations.
steps:
  - task: HawkScanInstall@1
    inputs:
      version: "3.9.0"
  - task: RunHawkScan@1
    inputs:
      configFile: "stackhawk.yml"
      version: "3.9.0"