StackHawk Platform

Getting Started

  • Generate an API Key
  • Define your app & env
  • Download StackHawk.yml
  • Deploy Docker / Run the Scan

Prerequisites for Running Your First Scan

  • Some basic knowledge of your application.
  • An account on StackHawk.
  • Some basic knowledge of Docker, or a willingness to try!
  • Some basic terminal or bash knowledge and prior experience using the command line is helpful.

Generate an API Key

StackHawk requires an API key to authenticate to the Platform.

Getting Started - Create an API Key

You will be prompted to copy and paste your initial API key into a secure store. Should you misplace or need to refresh your API key, API Key management is located under your Profile -> Settings -> API Keys.

Bash

mkdir ~/.hawk
echo "export HAWK_API_KEY=hawk.xxxxxxxxxx.xxxxxxxxxx" > ~/.hawk/hawk.rc

PowerShell

mkdir "~\.hawk"
echo '$env:HAWK_API_KEY="hawk.xxxxxxxxxx.xxxxxxxxxx"' > $home\.hawk\hawk.ps1

Configure your App and Environment

Create an Application and define your initial environment.

Getting Started - Configure App

Application Name

This may be the name of your application, git repository, or a directory in a monorepo, where you want to store the StackHawk configuration. Each application will have a unique applicationId, which will ensure that scans and associated findings are organized properly in the Platform.

App Environment

StackHawk can run in any environment you choose. We recommend you begin by scanning local/dev or in pre-production, but it’s most effective in CI/CD.

Host

Where your running application can be accessed by the scanner (e.g. http://localhost:8080).

Configuration

HawkScan (the StackHawk scanner) uses a YAML configuration file to supply operational settings to the scanner. Below is the minimum configuration to run a scan; you can find more information in the Configuration section of the docs. The stackhawk.yml configuration should be placed in the same directory as your application codebase.

app:
  applicationId: kkAAAKAW-kAWW-kkAA-WWwW-kAAkkAAAAwWW
  env: Development
  host: http://localhost:8080

Run your first scan

StackHawk uses Docker to run the scanner. Use the following Docker command to initialize the scanner:

Bash

source ~/.hawk/hawk.rc
docker run -e API_KEY=${HAWK_API_KEY} --rm -v $(pwd):/hawk:rw -it stackhawk/hawkscan:latest

PowerShell

& "~\.hawk\hawk.ps1"
docker run -e API_KEY=$env:HAWK_API_KEY --rm -v ${PWD}:/hawk:rw -it stackhawk/hawkscan:latest
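As an added example (a hypothetical wrapper, not StackHawk's own tooling), the POSIX sh script below ties the bash steps on this page together: it refuses a ~/.hawk/hawk.rc that other local users can read, rejects the placeholder key, checks that stackhawk.yml carries the three app fields, and only then runs the docker command shown above. HAWK_RC and HAWKSCAN_RUN are variables of this wrapper, not of StackHawk.

```shell
#!/bin/sh
# Hypothetical wrapper (not StackHawk's own tooling) around the steps on this page.
# Assumes the ~/.hawk/hawk.rc key file and the stackhawk.yml layout shown above.

HAWK_RC="${HAWK_RC:-$HOME/.hawk/hawk.rc}"

# A StackHawk key has the shape hawk.<part>.<part>; reject anything else, and
# reject the page's "xxxxxxxxxx" placeholder, before it is handed to docker.
check_hawk_key() {
  case "$1" in
    *xxxxxxxxxx*) return 1 ;;
    hawk.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# The key file is a secret: refuse one that other local users can read.
check_rc_perms() {
  [ -f "$1" ] || return 1
  perms=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")   # GNU, then BSD/macOS
  case "$perms" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# The minimum stackhawk.yml from this page needs app.applicationId, app.env and app.host.
check_stackhawk_yml() {
  [ -f "$1" ] || return 1
  for k in applicationId env host; do
    grep -Eq "^[[:space:]]+$k:[[:space:]]*[^[:space:]]" "$1" || return 1
  done
  return 0
}

run_scan() {
  check_rc_perms "$HAWK_RC" || { echo "refusing: run chmod 600 $HAWK_RC" >&2; return 1; }
  . "$HAWK_RC"
  check_hawk_key "${HAWK_API_KEY:-}" || { echo "HAWK_API_KEY unset or still a placeholder" >&2; return 1; }
  check_stackhawk_yml ./stackhawk.yml || { echo "stackhawk.yml lacks app.applicationId/env/host" >&2; return 1; }
  docker run -e API_KEY="$HAWK_API_KEY" --rm -v "$(pwd)":/hawk:rw -it stackhawk/hawkscan:latest
}

# Only launch when explicitly asked, so the file can also be sourced for its checks.
if [ "${HAWKSCAN_RUN:-0}" = "1" ]; then run_scan; fi
```

Run it from the directory holding stackhawk.yml with HAWKSCAN_RUN=1 to start the scan; without that variable it only defines the checks.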

Once you run your scan, head over to the scan dashboard to view your results.

Next: Viewing Scan Results