On every new pull request, a StackHawk scan will run against your application, service, or API to find any newly introduced vulnerabilities from your code or your open source components.
Quick Triage of Findings
If alerted to a new security finding, developers have all of the information they need at their fingertips. With clear descriptions of vulnerabilities and the request/response details that triggered the finding, developers can take action now or send the finding to an existing team backlog.
Simplified Fixes
Developers can copy a cURL command to recreate the request that triggered the finding, leading them right to the bug. With links to fix documentation, it’s never been faster to remediate security bugs.
What it Tests
As a dynamic testing tool, StackHawk is language agnostic.
StackHawk is proudly built on open source ZAP, the most widely used application security scanner.
With a decade of market-leading security testing capabilities and an active open source community, StackHawk leverages scanning technology that security teams trust.
Push an updated PR quickly with provided links to fix documentation.
cURL Command Recreation
Step through code with the same request and find the bug faster.
Smaller Test Units
Scan every microservice on each PR and spend less time hunting when a finding is surfaced.
Integrations
Your application security tooling is just another part of your engineering stack.
With StackHawk, integrating AppSec into your existing workflows is easy.
... and more
Getting Started
Test Your Application
Get started with a local test:
Sign up for an account
Build your initial config
Kick off a Docker-based scan on the command line
Review findings
Expand config to include underlying APIs, authenticated scans, and more