FlightPath

FlightPath is the fastest way to turn an application you can click through into a working StackHawk scan configuration. Instead of hand-writing a stackhawk.yml — and especially the authentication section — you open your application in a StackHawk-hosted browser, log in, and click around the parts you want covered. FlightPath watches what you do and builds a config for you.

When to Use FlightPath

Use FlightPath when you want to:

• Bootstrap a new application without writing YAML from scratch.
• Capture a working login flow so authenticated scans just work.
• Explore an app you don’t have local tooling for — the browser runs in StackHawk’s infrastructure, not on your machine.
• Create a config for an application behind SSO or a complex auth flow, where recording the flow is easier than describing it.

If you already have a stackhawk.yml and just need to validate it, use the Scan Config Drawer instead.

How It Works

1. Start a session. From the application view, launch FlightPath and point it at the URL you want to configure. StackHawk provisions a browser in its hosted infrastructure.
2. Use your application. Log in, visit the pages and APIs you want scanned, and complete any auth-gated flows. FlightPath records the requests, the authentication handshake, and the routes you touch.
3. Stop the session when you’re done. FlightPath assembles a stackhawk.yml from what it observed — scoped to the host you explored, so unrelated third-party domains aren’t pulled in.
4. Review and scan. You can either keep the generated config as-is or open it in the Hosted Config Editor to fine-tune. When you’re ready, launch a scan from the same application.

Session Controls

A FlightPath session is a live browser. Alongside the browser chrome you’ll see session controls:

• Back to Applications (minimize) — step away from the session without stopping it. FlightPath keeps running in the background; you can return to it at any time.
• Stop Session — end the session and finalize the generated configuration. You’ll be asked to confirm before the session is torn down.

While a session is minimized, StackHawk shows a floating indicator that follows you across the platform. Clicking it returns you to the live session. The originating application also appears at the top of the applications list with an in progress status until the session completes.

Running Multiple Sessions

You can have more than one FlightPath session running at the same time — useful when you’re configuring several applications in parallel. Each session is independent, runs its own hosted browser, and produces its own configuration. Use the FlightPath entry in the left-hand navigation to see and switch between active sessions.

After the Session

When a session completes, StackHawk offers a few paths forward:

• Start a scan using the generated configuration.
• View the generated YAML to review, edit, or copy it for use elsewhere.
• Go back to the application and continue configuring or scanning.

The output config is a regular StackHawk stackhawk.yml — anything you can do with a hand-written configuration also works here. See Hosted Configuration for how to edit it further.