StackHawk was built to streamline application and API security testing within your current workflows, giving teams the ability to find and fix security bugs within their CI/CD workflows before pushing any code to production.
StackHawk runs lightning-fast dynamic security tests against applications and APIs. With testing for today's application architecture, your team will have more accurate vulnerability detection and faster fixes.
Shift application security testing left, running StackHawk tests alongside unit and integration tests. StackHawk is optimized for performance in the build pipeline, ensuring that newly introduced vulnerabilities are identified quickly.
Find and fix application security issues faster with StackHawk. Developers are notified of newly introduced vulnerabilities with GitHub pull request commenting, and are equipped to fix issues quickly within StackHawk.
Push an updated PR quickly with provided links to fix documentation.
Step through code with the same request and find the bug faster.
Scan every microservice on each PR and spend less time hunting when a finding is surfaced.
Your application security tooling is just another part of your engineering stack. With StackHawk, integrating AppSec into your existing workflows is easy.
StackHawk vs. Veracode
See exactly how StackHawk and Veracode stack up.
Security is shifting left with engineers being notified of new vulnerabilities before they hit production, and equipped for self-service triage and fix. StackHawk is the only dynamic application security testing tool built for developers.
Feature | ||
---|---|---|
DAST SCANNER | ||
Automated Authenticated Scanning | ||
Server-side HTML Application Testing | ||
Single Page Application Testing | ||
SOAP API Testing | ||
REST API Testing | ||
GraphQL Testing | ||
Technology Specific API Scan Configs | ||
Optimized for Fast Scanning in CI/CD | ||
No Infrastructure Configuration Required | ||
CI/CD AUTOMATION | ||
Findings Triage and State Management | ||
Finding History and Documentation | ||
Docker-Based Scanner to Scan Anywhere | ||
Integrations with All Major CI/CD Tools | ||
TESTING EXPERIENCE | ||
User-First Web Application | ||
Simplified YAML Configuration | ||
Simplified Fixes with Docs and cURL Command Generation | ||
Slack Integration | ||
MS Teams Integration | ||
Jira Integration | ||
Datadog Integration | ||
OpenAPI Spec Integration for API Testing | ||