Running HawkScan

Running HawkScan through the Docker CLI

The most straightforward way to kick off a HawkScan is through the command line. Start a scan by running the Docker command for your operating system.


Run the following from a PowerShell prompt.

To set up the environment:

mkdir "~\.hawk"
echo '$env:HAWK_API_KEY="hawk.kkAAAKAWkAWWkkAAWWwW.kkAAAKAWkAWWkkAAWWwW"' > $home\.hawk\hawk.ps1

To run the scan:

& "~\.hawk\hawk.ps1"
docker run -e API_KEY=$env:HAWK_API_KEY --rm -v ${PWD}:/hawk:rw -it stackhawk/hawkscan:latest

NOTE: If you see errors such as file not found or cannot start service, you may need to enable shared folders in Docker.


Docker Run Command

# docker run -e API_KEY=$env:API_KEY --rm -v $(pwd):/hawk:rw -it stackhawk/hawkscan:latest

Bash Alias Command

# supply api keys in an env file; ~/.hawk/hawk.rc for example  
mkdir ~/.hawk
echo "API_KEY=hawk.kkAAAKAWkAWWkkAAWWwW.kkAAAKAWkAWWkkAAWWwW" > ~/.hawk/hawk.rc

# Create a new alias to docker run HawkScan and point to ~/.hawk/hawk.rc
echo "alias hawkscan='docker run --env-file ~/.hawk/hawk.rc \
    -ti -v \`pwd\`:/hawk:rw stackhawk/hawkscan:latest'" >> ~/.bashrc

# Source the alias and run HawkScan, now available as `hawkscan`
source ~/.bashrc 
hawkscan stackhawk.yml

Updating HawkScan Version

The current HawkScan version is: 0.11.8

To get the latest version of HawkScan, run this docker command:

docker pull stackhawk/hawkscan 

Docker Command Deep Dive

To better understand what this command does, let’s break it down:

  • docker run is how you run a new command in a Docker container
  • --rm tells Docker to automatically remove the HawkScan container once the scan has completed
  • -v $(pwd):/hawk:rw will mount the current working directory into the container, giving HawkScan access to local files in the repository, including the stackhawk.yml configuration file
  • -it stackhawk/hawkscan:latest will run Docker with the stackhawk/hawkscan image, creating an interactive bash shell in the running container. The :latest at the end of the command specifies the HawkScan docker image tagged with the latest update should be pulled down and used.
  • stackhawk.yml is an optional input into the source parameter. It is input into the Docker container to specify the name of the applicable configuration file(s) to use. If it is not provided, Docker will instead find and use the stackhawk.yml configuration in the current working directory.