For more information about StackHawk see https://www.stackhawk.com
To learn more about HawkScan and configuration options, check out our Documentation
StackHawk is a dynamic application security testing (DAST) tool built for developers. The StackHawk scanner (HawkScan) utilizes a YAML configuration file to supply operational settings to the scanner. To get started clone this repo and place the appropriate stackhawk.yml file into the root of your project directory.
For more help configuring Hawkscan, see our Documentation.
By default, the scanner will look for the stackhawk.yml file in the root of your directory. If you are running an API specific configuration (e.g. stackhawk-graphql.yml), be sure to specify the configuration file name at the end of the docker run command.
docker run --rm -v $(pwd):/hawk:rw -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latestdocker run --rm -v %cd%:/hawk -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latestdocker run --rm -v ${PWD}:/hawk -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latestdocker run --rm -v $(pwd):/hawk:rw -network host -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latest