Find, Triage, and Fix
Security Bugs

It’s Simple with StackHawk

How it Works

Automated Scan on Every PR

On every new pull request, a StackHawk scan will run against your application, service, or API to find any newly introduced vulnerabilities from your code or your open source components.

Quick Triage of Findings

If alerted of a new security finding, developers have all of the information needed at their fingertips. With clear descriptions of vulnerabilities and the request/response details that triggered the finding, developers can take action now or send to an existing team backlog.

Simplified Fixes

Developers can copy a cURL command to recreate the request that triggered the finding, leading them right to the bug. With links to fix documentation, it’s never been faster to remediate security bugs.

What it Tests

As a dynamic testing tool, StackHawk is language agnostic.

Server Side

Single Page




Built on ZAP

StackHawk is proudly built on open source ZAP, the most widely used application security scanner.

With a decade of market leading security testing capabilities and an active open source community, StackHawk leverages scanning technology that security teams trust.

Fixing Vulnerabilities

Fix Documentation

Push an updated PR quickly with provided links to fix documentation.

cURL Command Recreation

Step through code with the same request and find the bug faster.

Smaller Test Units

Scan every microservice on each PR and spend less time hunting when a finding is surfaced.


Your application security tooling is just another part of your engineering stack.
With StackHawk, integratingAppSec into your existing workflows is easy.

... and more

Getting Started

Test Your Application

Get started with a local test:
  • Sign up for an account
  • Build your initial config
  • Kick off a Docker-based scan on the command line
  • Review findings
  • Expand config to include underlying APIs, authenticated scans, and more

Test Google Firing Range

See data from a sample application:
  • Sign up for an account
  • Select Google Firing range sample
  • Review findings
  • Copy config to run your own GFR scan
  • Modify config to test your own application

StackHawk proudly supports and is free for Open Source projects.

Want to add StackHawk to your open source project? Get in touch.

Ready for more?

Read the Docs

Get up and running in less than an hour. Build the config file and then 

$ docker run hawkscan to find your security bugs.

Get Started

Find and fix application security bugs before they hit production. Build your config and run your first scan in less than 15 minutes.


Extra text goes here

KAAKAWW!!! [ kǝn'grats ]

You're signed up for the newsletter!
We’ll keep you up to date on content and other happenings here at StackHawk.

KAAKAWW!!! [ kǝn'grats ]

The Demo Gods Approve!
We’ll reach out to you soon to schedule a 45 minute demo. Please complete this 3 minute survey so we can prepare a demo that is specific to you.

KAAKAWW!!! [ kǝn'grats ]

You're signed up for the newsletter!
We’ll keep you up to date on content and other happenings here at StackHawk.