Below is a high-level overview of what is included in the Early Access (with features to be added continuously).
Finding Security Bugs with HawkScan
HawkScan is our command-line based security bug scanner. Run a single Docker command and let HawkScan hunt out bugs in your running application. After finalizing config, add HawkScan to your build pipeline to ensure you are catching security bugs before they hit production.
Unlike dependency-checking tools, StackHawk finds bugs in the code that you and your team have written, no matter where you build or deploy it. This can include SQL Injection, OS Command Injection, Cross-Site Scripting, Open Redirects, and so much more.
Fix Bugs with Request / Response and Documentation
Once you’ve run the scan, hop into the StackHawk app to view scan results and troubleshoot bugs. With fix documentation, you can learn more about what the bug is and why it matters. And with clear request / response payloads for bugs, you can troubleshoot and check fixes easily.
Config as Code
Manage your scanner configuration with our YAML-based config to ensure that you are building a scalable AppSec process. With our YAML config, you can manage config across multiple environments and ensure that you are ready to scan at every stage of the build pipeline.
The StackHawk YAML is also where you manage authenticated scans and route definition for single page applications. Learn more about config options in our HawkDocs documentation.
Ready to Get Started?
You can join the waitlist at stackhawk.com, fill out our onboarding survey, or reach out to us at hello@stackhawk.com. We are pulling developers off the waitlist on a daily basis and onboarding them onto the Early Access program. We would love to have you using StackHawk too.