HawkScan

StackHawk

StackHawk provides dynamic application vulnerability scanning from development to production.

StackHawk HawkScan Extension

The StackHawk HawkScan Azure Extension makes it easy to integrate application security testing into your Azure DevOps pipeline.

About StackHawk

Here's the rundown:

  • 🧪 Modern Application Security Testing: StackHawk is a dynamic application security testing (DAST) tool, helping you catch security bugs before they hit production.
  • 💻 Built for Developers: The engineers building software are the best equipped to fix bugs, including security bugs. StackHawk does security, but is built for engineers like you.
  • 🤖 Simple to Automate in CI: Application security tests belong in CI, running tests on every PR. Adding StackHawk tests to a DevOps pipeline is easy.

Getting Started

  • Get your application set up in StackHawk with our quickstart guide.

Use the HawkScan Extension

The HawkScan Extension helps software engineers and security teams run HawkScan, the dynamic application security testing tool, within their CI/CD pipeline.

The goal is to run HawkScan as part of the build, against a running web application.

The HawkScanInstall task will download and install a version of HawkScan.

  • version: The version of HawkScan to be installed. If omitted, the latest version of HawkScan will be installed.
  • installerType: One of three options: auto, zip, or msi. On Unix, auto defaults to the zip installer. On Windows, auto defaults to the msi installer; the zip installer is also available as an option.
  • installPath: The path on the system where HawkScan is installed. Defaults to ~\hawk-VERSION.

trigger:
  - main

pool:
  vmImage: windows-latest

steps:
  - task: HawkScanInstall@1
    inputs:
      version: latest
      installerType: auto

The RunHawkScan task starts HawkScan against your running web application. By default, it runs the latest version.

Include the HAWK_API_KEY environment variable set with your StackHawk API Key. This is required.

  • repoDir: Directory containing your stackhawk.yml files. Config file arguments will be searched for in this directory. By default this will be the current directory.
  • configFile: The default YAML stackhawk.yml configuration file or files used by HawkScan, located in the repoDir. This file can be changed by supplying the file name as an argument. Click here for details on how to configure HawkScan.
  • version: The version of HawkScan to run. If omitted, the latest version of HawkScan will run.
  • installPath: The path on the system to run HawkScan from, if it was set from the install task.

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - task: RunHawkScan@1
    inputs:
      configFile: 'stackhawk-test.yml'
      version: 'latest'
      installPath: /usr/bin/custom/hawk/path
    env:
      HAWK_API_KEY: $(API_KEY) # required; map your StackHawk API key into the task

The HAWK_API_KEY environment variable is the StackHawk API Key that needs to be set. This is required.

For more information on how to set environment variables in your Azure pipeline, please use this link.

Java Version

HawkScan 4 and above requires Java 17 through 21. To ensure Java is at the correct version in your pipeline, you will need to add the Java Tool Installer step to your pipeline.


- task: JavaToolInstaller@0
  inputs:
    versionSpec: "17"
    jdkArchitectureOption: "x64"
    jdkSourceOption: "PreInstalled"

The final version of the build file will look a little bit like this:

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  # install hawkscan onto the machine
  - task: HawkScanInstall@1
    inputs:
      version: latest
      installerType: auto
      
  # update pipeline to use the correct version of Java
  - task: JavaToolInstaller@0
    inputs:
      versionSpec: "17"
      jdkArchitectureOption: "x64"
      jdkSourceOption: "PreInstalled"

  # download then start your web app in the background
  - script: |
      curl -Ls https://github.com/kaakaww/javaspringvulny/releases/download/0.1.0/java-spring-vuly-0.1.0.jar -o ./java-spring-vuly-0.1.0.jar
      java -jar ./java-spring-vuly-0.1.0.jar &
      
  # run hawkscan on the machine
  - task: RunHawkScan@1
    inputs:
      configFile: stackhawk-test.yml
      version: latest
    env:
      HAWK_API_KEY: $(API_KEY) # the recommended way to map to an env variable
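
The pipeline above starts the app in the background and maps HAWK_API_KEY from a pipeline variable, so a preflight script step before RunHawkScan can catch two common failures: a key that is missing or still the literal, unexpanded `$(API_KEY)` macro (Azure Pipelines leaves a macro unchanged when the variable is undefined), and an app that is not yet listening. This is an added example, not StackHawk's code; the function names, TARGET_URL, PROBE and the timeout values are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for a script step placed before RunHawkScan@1.
# Assumed names (not from the extension): check_api_key, wait_for_app,
# TARGET_URL, PROBE. The step needs HAWK_API_KEY mapped under env: as well.

# Return 1 if HAWK_API_KEY is unset or empty, 2 if it is an unexpanded
# pipeline macro such as "$(API_KEY)". The key itself is never printed.
check_api_key() {
  _key="${HAWK_API_KEY:-}"
  if [ -z "$_key" ]; then
    echo "HAWK_API_KEY is not set; map it under env: on the step" >&2
    return 1
  fi
  case "$_key" in
    '$('*')')
      echo "HAWK_API_KEY is an unexpanded macro; define the pipeline variable" >&2
      return 2
      ;;
  esac
  return 0
}

# Poll the URL until it answers or the timeout (seconds) is reached.
# PROBE is the command used to test the URL; it defaults to curl and can be
# replaced, for example with a stub when testing offline.
wait_for_app() {
  _url="$1"
  _timeout="${2:-60}"
  _interval="${3:-2}"
  _waited=0
  while ! ${PROBE:-curl -sf -o /dev/null --max-time 5} "$_url"; do
    _waited=$((_waited + _interval))
    if [ "$_waited" -ge "$_timeout" ]; then
      echo "app at $_url not ready after ${_timeout}s" >&2
      return 1
    fi
    sleep "$_interval"
  done
  return 0
}

# Run the checks only when a target is supplied, e.g. TARGET_URL set on the step.
if [ -n "${TARGET_URL:-}" ]; then
  check_api_key || exit 1
  wait_for_app "$TARGET_URL" 120 3 || exit 1
fi
```

A non-zero exit fails the step, so the scan task does not start against an app that is down or with an unusable key.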

Need Further Assistance?

If you have questions or need help, please email us at support@stackhawk.com.
