Secure Your Apps and Scale Your Program
StackHawk supports developers and security teams throughout their AppSec modernization journey, from our shift-left testing built to keep pace with modern development to our complete platform that gives you the visibility you need to scale.
Secure
Shift-Left DAST & API Security Testing that runs directly in CI/CD to enable developers to fix critical application and API security vulnerabilities.
- Fast, incremental scans in CI/CD
- Runtime testing for modern apps & APIs
- Integrated into development workflows
- Remediation guidance
Scale
StackHawk’s AppSec Intelligence Platform combines attack surface mapping from code and continuous oversight to help teams scale their AppSec programs. With Scale, you get everything in Secure, and much more:
- SAST & DAST correlation
- AI-powered fixes as code
- Application & API discovery from code
- Auto-generated OpenAPI specs
- Continuous test coverage oversight
- Program effectiveness metrics
Best-in-Class Testing. Built for Modern Development.
Both of our plans include our industry-leading shift-left DAST, built from the ground up for CI/CD velocity and modern app architectures. Here’s what makes our testing different.
Pre-Production Testing in CI/CD
Catch critical vulnerabilities before production without slowing down development. Runs natively in your CI/CD infrastructure with Docker and CLI tools for any development environment.
Deterministic Scans, High-Signal Findings
StackHawk’s runtime testing is optimized for speed, reliability, and depth of scanning to minimize noise. Every finding includes cURL-based validation commands to verify exploitability.
Developer-Friendly Feedback Loops
Security findings are delivered directly in developer workflows, with contextual guidance and fixes-as-code. Native integrations with dev tools accelerate triage and remediation cycles.
Modern Application & API Support
Complete coverage for REST, GraphQL, SOAP, and gRPC APIs across microservices, SPAs, and traditional applications. Authentication as code ensures effective and reliable scanning.
Unlimited Scanning & Users
StackHawk plans are based on the number of code contributors, not usage, so you get unlimited testing across every environment without usage caps or additional user licensing costs.
Enterprise Security & Support
SSO authentication, API access for custom workflows, and advanced integrations. Comprehensive documentation and email-based support from our Customer Success team.
Comparing Plans
Secure gives you best-in-class runtime testing. Scale adds complete attack surface visibility from source code and the intelligence you need to manage and prove the effectiveness of your AppSec program.
Shift-Left DAST & API Testing
Attack Surface Discovery
Workflow Integrations
SAST Correlation
Enterprise Features
Which plan is for you?
Choose Secure if:
- You're replacing a legacy DAST tool that can't keep up with CI/CD velocity
- You need runtime application security testing that developers will actually adopt
- Your primary goal is finding and fixing vulnerabilities before production
Choose Scale if:
- You're scaling your AppSec program and need visibility into what you have
- You want to understand which applications are high-risk and need testing priority
- You need to demonstrate program effectiveness to executives or the board
Security testing inside your AI assistant with Vibe
StackHawk Vibe is a single-user plan that gives you the power of StackHawk dynamic testing without leaving your AI code assistant.
$5/month
Reimagine Your AppSec Program
One click to start discovering everything you’re exposed to.
