The StackHawk Platform

If you haven’t already, sign up for the waitlist at stackhawk.com.

Getting started

After signing in to the StackHawk web app, you’ll be walked through the following steps to configure your first scan:

  • Create an Application: The Getting Started flow will prompt you to name your application. This may be the name of a repo, or of a directory in a monorepo, where you want to store the configuration for the application you’ll be scanning. Naming the application generates a unique ApplicationID, which is populated in the YAML file that you’ll put in your code base for HawkScan to read. The ApplicationID ensures that scans and their associated findings are organized correctly in the StackHawk UI.

  • Define Environment: HawkScan can run in any environment you choose. We recommend you begin by scanning local/dev or in pre-production.
  • Define Host: After naming your application and defining the environment you will point HawkScan at, define the Host where the running application can be reached by the scanner.
  • YAML: The Getting Started flow will populate the minimum configuration, in YAML format, that allows you to run HawkScan against your application. In the next step you will download stackhawk.yml and put it in your codebase.

Note: This is the minimum configuration required to run a scan. For a more complete scan of your application, refer to the authentication documentation and OpenAPI spec documentation.

API Key Management

As you set up your StackHawk account, you will be prompted to copy and paste your API key into a secure store. This API key authenticates you to the StackHawk platform.

Should you misplace or need to refresh your API key, API key management is located under your Profile -> Settings -> API Keys. Users can create up to 5 API keys.
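Because stackhawk.yml lives in your codebase while the API key belongs in a secure store, a pre-commit or CI check can confirm the file carries the fields from the Getting Started steps and nothing secret. The following is an added example, not StackHawk's own code: the key names `app.applicationId`, `app.env` and `app.host`, the sample values and the function names are assumptions, so take the real layout from the stackhawk.yml you download.

```python
from urllib.parse import urlparse

# Constructed sample config. The key names are assumed for this example;
# the ID below is a placeholder, not a real ApplicationID.
SAMPLE = """\
app:
  applicationId: 00000000-0000-4000-8000-000000000000  # placeholder
  env: Development
  host: http://localhost:8080
"""

def read_app_block(text):
    """Collect the scalar key/value pairs nested under the top-level 'app:' key."""
    fields, in_app = {}, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                  # a new top-level key
            in_app = line.strip() == "app:"
        elif in_app and ":" in line:
            key, _, value = line.strip().partition(":")
            fields[key.strip()] = value.strip().strip("'\"")
    return fields

def lint_config(text, api_key=None):
    """Return a list of problems; an empty list means the file is safe to commit."""
    app, problems = read_app_block(text), []
    for key in ("applicationId", "env", "host"):
        if not app.get(key):
            problems.append(f"app.{key} is missing")
    if app.get("host"):
        url = urlparse(app["host"])
        if url.scheme not in ("http", "https") or not url.hostname:
            problems.append("app.host is not an http(s) URL")
        if url.username or url.password:
            problems.append("app.host embeds credentials")
    # Compare against the real key (passed in from the secure store) so the
    # check does not depend on any particular key format.
    if api_key and api_key in text:
        problems.append("API key value appears in the config file")
    return problems

if __name__ == "__main__":
    print(lint_config(SAMPLE) or "stackhawk.yml looks safe to commit")
```

In CI, pass the key from the secret store as `api_key` and fail the job when the returned list is not empty.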

URIs/Paths

HawkScan results are populated in the scan list page. Metadata associated with your scan includes the URI count. This is the number of paths the scanner was able to find and test. If this number is low, it is unlikely the scanner has found much of your application. Read about adding authentication instructions to stackhawk.yml or feeding in an OpenAPI spec to ensure greater app coverage.

Browser Support

StackHawk is designed and built to support modern web browsers. For the best experience, we recommend downloading the newest version of your preferred browser.

We currently support the following versions:

Desktop

Mobile

The StackHawk app is only partially supported on Chrome and Safari mobile browsers at this time.

Beta and developer builds

The StackHawk app does not currently support beta releases or developer builds of supported browsers.

Browser add-ons or extensions

Browser add-ons may interfere with the StackHawk app. If you are experiencing unexpected behaviors, we suggest disabling any browser add-ons or extensions that may be interfering with the StackHawk app.

If you are having issues or would like to provide feedback on the desktop or mobile browsing experience, please contact StackHawk support.