

StackHawk Platform
Your complete runtime application and API security testing platform.

API Attack Surface Discovery
Automatically map your complete API attack surface

Runtime Application Security Testing
Seamlessly find and fix app vulnerabilities in runtime

Application Security Oversight
Continuously monitor your application security risk

Integrations

Use Cases

Modern DAST
Runtime, pre-production testing for apps & APIs

Shift-Left API Security Testing
Ship secure APIs with automated testing in CI/CD

Code-Based Sensitive Data Detection
Identify and test APIs handling PII, PCI, and PHI data

gRPC Security Testing
Keep your gRPC services secure with automated testing

GraphQL Security Testing
Check for GraphQL vulnerabilities on every pull request

Industries

Healthcare
Secure HIPPA Data and Maintain Trust with StackHawk

FinServ
Move beyond GLBA and SOX checkboxes

Developers

Docs
Learn how StackHawk works and integrates in your stack

Technical Blogs
Dive into common vulnerabilities and how to fix them

Getting Started
Start scanning your application or API with our tutorials

StackHawk API
Explore the StackHawk API and start integrating today

Security

Watch a Demo
See the StackHawk platform and scanner in flight

Blog
Read product updates, guides, tutorials, and more

Shift-Left Maturity Model
Get best practices for embracing shift-left AppSec

All Resources
Dive into our webinars, news, reports, and more

About Us

KaaKaww!! Meet our hawksome team and discover what makes our nest so special.

Customers
Read about how innovators use StackHawk to ship securely

Partners
Learn about our technology and channel partners

Contact
Give us a squawk

Careers
See our open positions to join our nest

News
Hot off the perch: see what we’ve been up to

Sign In

Blog

API Security Testing

Building Secure CI Pipelines Using GitHub Actions

Scott Gerlach | Jul 29, 2020

Share on LinkedIn

Share on X

Share on Facebook

Share on Reddit

Send us an email

Last week, I had the privilege of joining Sherif Koussa, Founder and CEO of Software Secured , to chat about ensuring security in production applications by adding application security testing into the CI pipeline.

Watch the video below for details on how to add security checks into CI using GitHub Actions , including:

Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
Secrets Detection

For more details on instrumenting StackHawk with GitHub Actions, check out our documentation .

More Hawksome Posts

Stop Choosing Between SAST and DAST—Start Connecting Them

Learn how correlating SAST and DAST results eliminates redundant work, prioritizes based on real exploitability, and gives developers clear, actionable fixes.

DAST Onboarding in Minutes with StackHawk’s GitHub Copilot Custom Agent

Product Updates & News

We are excited to announce StackHawk’s GitHub Copilot Custom Agent that analyzes your repository’s source code, generates a complete DAST configuration, and creates a working CI/CD security testing workflow—all in just minutes. No more setup friction between development and security. No more “we’ll add security testing later.” Just intelligent configuration that identifies what you should test, and starts finding runtime vulnerabilities faster.

Decoding the Flavors of DAST: From Legacy Scanners to AI Pen Testing

AppSec loves buzzwords, but not all “modern” or “AI-powered” testing lives up to the promise. The truth: applications keep getting more complex, vulnerabilities persist, and teams still struggle to fix issues fast. It’s time to separate marketing spin from real capability.