HawkScan provides the information and tools you need to fix security vulnerabilities in your applications. But how do you know if you’ve fixed a vulnerability for certain? For instance, if you’ve incorporated HawkScan into your CI/CD pipeline, you can make a fix, commit it, open a PR, and hope that your fix passes the next test. But that scenario is time-consuming, requiring you to wait for a full build process and a full HawkScan to run.
With HawkScan 2.9, you now have the ability to Rescan Findings. Rescan only runs the plugins that were alerted on in your previous scan, allowing you to quickly iterate on vulnerability fixes before pushing code to your remote repository.
A new feature’s code is merged, introducing a vulnerability into your application’s code base. HawkScan reports the vulnerability as a new finding, shows you the affected paths, and provides you with feedback on how to fix it.
Great! Now you know how to fix it. So let's say, you do a quick fix and push it up to your CI platform of choice. However, it fails again. Instead of doing a full push into your CI/CD pipeline and waiting for an entire build process and scan to run, you can run a local scan on only the alerts that were previously found.
Sound familiar? It should! It's the same way you’d run unit tests on only the failed tests.
The Rescan command
Using the `hawk rescan` command will run the latest scan, or a specific scan if an ID is supplied, against your application. This rescan will only test your application with plugins that had findings on the previous run. To use Rescan, go to the StackHawk scan details page with the vulnerability. From here, you can hit the Rescan Findings button to get the code to rescan your application.
Simply copy/paste the command into your terminal and it will run a scan with only the plugins that were previously alerted on. You can see the difference between the number of plugins that were run in the first test compared to the number of plugins that were run in the rescan:
Rescanning the previous findings only took a third of the time of the original scan.
StackHawk will include the findings of a rescan and show you what you fixed from the previous scan. The StackHawk Scan Details page now includes a Fixed counter that shows the number of alerts fixed between this scan and the previous scan, as well as a summary table of all fixed findings. Now that's validation!
📺 See It in Action
Getting Started With Rescan
New to StackHawk?
Don't have an app to test? Follow the Javapspringvulny Tutorial to try out StackHawk without connecting your own application or configuring an environment
Already a StackHawk User?
Read the Rescan docs to start validating fixes faster
Need some help? Reach out to firstname.lastname@example.org or send us a chat!