Find, Triage, and Fix Security Bugs
It’s Simple with StackHawk

How It Works

Automated Scan on Every PR
On every new pull request, a StackHawk scan will run against your application, service, or API to find any newly introduced vulnerabilities from your code or your open source components.

Quick Triage of Findings
When alerted to a new security finding, developers have all of the information they need at their fingertips. With clear descriptions of the vulnerability and the request/response details that triggered the finding, developers can take action now or send it to an existing team backlog.

Simplified Fixes
Developers can copy a cURL command to recreate the request that triggered the finding, leading them right to the bug. With links to fix documentation, remediating security bugs has never been faster.

What StackHawk Tests
As a dynamic testing tool, StackHawk is language-agnostic.
- Server Side HTML
- Single Page Applications
- REST APIs
- GraphQL APIs
- Authenticated Applications

Fixing Vulnerabilities

Push an updated PR quickly with provided links to fix documentation.

Step through code with the same request and find the bug faster.

Scan every microservice on each PR and spend less time hunting when a finding is surfaced.
Integrations
Your application security tooling is just another part of your engineering stack. With StackHawk, integrating AppSec into your existing workflows is easy.

Getting Started
Test Your Application
- Sign up for an account
- Build your initial config
- Kick off a Docker-based scan on the command line
- Review findings
- Expand config to include underlying APIs, authenticated scans, and more
Test Google Firing Range
- Sign up for an account
- Select Google Firing Range sample
- Review findings
- Copy config to run your own GFR scan
- Modify config to test your own application