The most straightforward way to kick off a HawkScan is through the command line.
Kick off a scan by running the following docker command:
```shell
docker run --rm -v $(pwd):/hawk:rw -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -it stackhawk/hawkscan:latest stackhawk.yml
```
To better understand what this command does, let’s break it down:
- `docker run` is how you run a new command in a Docker container
- `--rm` tells Docker to automatically remove the HawkScan container once the scan has completed
- `-v $(pwd):/hawk:rw` will mount the current working directory into the container, giving HawkScan access to local files in the repository, including the
- `-it stackhawk/hawkscan:latest` will run Docker with the `stackhawk/hawkscan` image, creating an interactive `bash` shell in the running container. The `:latest` at the end of the command specifies that the HawkScan Docker image tagged with the latest update should be pulled down and used.
The last parameter, `stackhawk.yml`, is passed into the Docker container and specifies the name of the applicable configuration file(s) to use. This last input is optional; if it is not provided, HawkScan will instead find and use the `stackhawk.yml` configuration in the current working directory.
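The command above places the API key directly on the command line, where it ends up in shell history and the process list. The wrapper below is an added example, not StackHawk's own code: it runs the same scan but lets Docker copy `API_KEY` from the calling environment, checks that the configuration file exists in the mounted directory, and adds `-it` only when a terminal is attached. The function name `run_hawkscan` and the `DOCKER_BIN` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: wrapper around the docker command shown on this page.
# run_hawkscan and DOCKER_BIN are hypothetical names, not part of HawkScan.

# Usage: export API_KEY beforehand, then: run_hawkscan [config-file]
run_hawkscan() {
  hawk_config="${1:-stackhawk.yml}"

  # The key must already be exported (CI secret store, password manager),
  # not typed inline as API_KEY=hawk.xxxx on the command line.
  if [ -z "${API_KEY:-}" ]; then
    echo "API_KEY is not set in the environment" >&2
    return 1
  fi

  # The working directory is what gets mounted at /hawk, so the
  # configuration file has to exist here for the scanner to read it.
  if [ ! -f "$hawk_config" ]; then
    echo "config file not found in $(pwd): $hawk_config" >&2
    return 1
  fi

  # '-e API_KEY' with no '=value' tells docker to copy the variable from
  # the calling environment, so the key value never appears in argv.
  set -- run --rm -v "$(pwd):/hawk:rw" -e API_KEY

  # -it needs a terminal; CI runners usually have none and docker
  # rejects -t when stdin is not a TTY.
  if [ -t 0 ] && [ -t 1 ]; then
    set -- "$@" -it
  fi

  set -- "$@" stackhawk/hawkscan:latest "$hawk_config"

  # DOCKER_BIN lets a caller substitute another binary (for a dry run).
  "${DOCKER_BIN:-docker}" "$@"
}
```

Running `DOCKER_BIN=echo run_hawkscan` prints the arguments that would be passed to Docker without starting a container.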