For more information about StackHawk see https://www.stackhawk.com
To learn more about HawkScan and configuration options, check out our Documentation
StackHawk is a dynamic application security testing (DAST) tool built for developers. The StackHawk scanner (HawkScan) utilizes a YAML configuration file to supply operational settings to the scanner. To get started, clone this repo and place the appropriate stackhawk.yml file into the root of your project directory.
For more help configuring HawkScan, see our Documentation.
By default, the scanner will look for the stackhawk.yml file in the root of your directory. If you are running an API-specific configuration (e.g. stackhawk-graphql.yml), be sure to specify the configuration file name at the end of the docker run command.
docker run --rm -v $(pwd):/hawk:rw -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latest
docker run --rm -v %cd%:/hawk -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latest
docker run --rm -v ${PWD}:/hawk -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latest
docker run --rm -v $(pwd):/hawk:rw --network host -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latest
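The commands above use the default stackhawk.yml. The wrapper below is an added example, not part of this repo or of HawkScan: it appends a non-default configuration file name at the end of the docker run command and takes the API key from the environment instead of typing it into the command. The names run_hawkscan and DOCKER are hypothetical, and it assumes API_KEY has already been exported.

```shell
#!/bin/sh
# Added example, not StackHawk's own code. run_hawkscan and the DOCKER
# override are hypothetical names; the docker arguments are the ones shown above.

# usage: run_hawkscan [config-file] [project-dir]
run_hawkscan() {
  hawk_config="${1:-stackhawk.yml}"   # default name the scanner looks for
  hawk_dir="${2:-$PWD}"               # project root, mounted at /hawk

  # Require an exported, non-empty API_KEY. "-e API_KEY" with no "=value"
  # makes docker copy the variable from this environment, so the key is
  # not written into the docker command line.
  if ! env | grep -q '^API_KEY=.'; then
    echo "API_KEY is not exported in the environment" >&2
    return 2
  fi

  # Only hawk_dir is mounted into the container, so the config must be in it.
  if [ ! -f "$hawk_dir/$hawk_config" ]; then
    echo "config not found: $hawk_dir/$hawk_config" >&2
    return 3
  fi

  set -- run --rm -v "$hawk_dir:/hawk:rw" -e API_KEY -t stackhawk/hawkscan:latest
  # A non-default configuration file name goes at the end of the command.
  [ "$hawk_config" = "stackhawk.yml" ] || set -- "$@" "$hawk_config"

  # DOCKER=echo prints the arguments instead of starting a scan (dry run).
  "${DOCKER:-docker}" "$@"
}

# Example: run_hawkscan stackhawk-graphql.yml
```

Setting DOCKER=echo before the call prints the assembled arguments without starting a container, which is a quick way to check the command before a real scan.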