
HawkScan

StackHawk

StackHawk provides dynamic application vulnerability scanning from development to production.

StackHawk HawkScan Extension

The StackHawk HawkScan Azure extension makes it easy to integrate application security testing into your CI pipeline.

About StackHawk

Here's the rundown:

  • 🧪 Modern Application Security Testing: StackHawk is a dynamic application security testing (DAST) tool, helping you catch security bugs before they hit production.
  • 💻 Built for Developers: The engineers building software are the best equipped to fix bugs, including security bugs. StackHawk does security, but is built for engineers like you.
  • 🤖 Simple to Automate in CI: Application security tests belong in CI, running tests on every PR. Adding StackHawk tests to a DevOps pipeline is easy.

Getting Started

  • Get your application set up in StackHawk with our quickstart guide

Use the HawkScan Extension

The HawkScanInstall task downloads and installs a version of HawkScan.

  • version: The version of HawkScan to install. If omitted, the latest version of HawkScan is installed.

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - task: HawkScanInstall@0
    inputs:
      version: latest

The RunHawkScan task runs HawkScan against your application. By default it runs the latest version.

  • repoDir: Directory containing your stackhawk.yml files. Config file arguments are searched for in this directory. By default this is the current directory.
  • configFile: The default YAML file used by HawkScan is the stackhawk.yml file located in the current working directory. However, a different file can be used by supplying its name as an argument.
  • version: The version of HawkScan to run. If omitted, the latest version of HawkScan will run. This version needs to match the installed version.

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - task: RunHawkScan@0
    inputs:
      configFile: 'stackhawk-test.yml'
      version: 'latest'

HAWK_API_KEY is the StackHawk API key. It is required and must be set as an environment variable so that the RunHawkScan task can use it.

For more information on how to set environment variables in your Azure pipeline, please use this link

The final version of the build file will look a little bit like this:

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - task: HawkScanInstall@0
    inputs:
      version: latest
  - task: RunHawkScan@0
    inputs:
      configFile: "stackhawk-test.yml"
      version: "latest"
    env:
      HAWK_API_KEY: $(API_KEY) # the recommended way to map to an env variable
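
A pre-merge check for the two requirements above (matching versions, and HAWK_API_KEY mapped from a pipeline variable rather than written into the file), as an added example that is not part of the extension or StackHawk's code. The names `parse_tasks` and `lint` are hypothetical, the parser is line-based and only handles the simple layout shown on this page, and only the `$(NAME)` form used above is accepted as a variable reference.

```python
import re

# Constructed sample input: the page's final pipeline, steps only.
SAMPLE = """\
steps:
  - task: HawkScanInstall@0
    inputs:
      version: latest
  - task: RunHawkScan@0
    inputs:
      version: "latest"
    env:
      HAWK_API_KEY: $(API_KEY)
"""

TASK = re.compile(r"^\s*-\s*task:\s*(\w+)@\d+")
KV = re.compile(r"^\s*(version|HAWK_API_KEY):\s*(.*?)\s*(?:#.*)?$")
MACRO = re.compile(r"^\$\([A-Za-z_][\w.]*\)$")  # $(NAME) variable reference

def parse_tasks(text):
    """Collect version and HAWK_API_KEY per task (simple block-style YAML only)."""
    tasks, current = {}, None
    for line in text.splitlines():
        m = TASK.match(line)
        if m:
            current = tasks.setdefault(m.group(1), {})
        elif re.match(r"^\s*-\s", line):
            current = None  # a different kind of step (script, checkout, ...)
        elif current is not None and (kv := KV.match(line)):
            current[kv.group(1)] = kv.group(2).strip("'\"")
    return tasks

def lint(text):
    """Return a list of problems; an empty list means the checks passed."""
    tasks = parse_tasks(text)
    run = tasks.get("RunHawkScan")
    if run is None:
        return ["no RunHawkScan task found"]
    problems = []
    # An omitted version means latest, per the task descriptions.
    installed = tasks.get("HawkScanInstall", {}).get("version", "latest")
    if run.get("version", "latest") != installed:
        problems.append("RunHawkScan version does not match HawkScanInstall")
    key = run.get("HAWK_API_KEY")
    if key is None:
        problems.append("HAWK_API_KEY is not mapped in the RunHawkScan env block")
    elif not MACRO.match(key):
        problems.append("HAWK_API_KEY is not a $(NAME) reference; avoid a hard-coded key")
    return problems
```

Run `lint()` over the pipeline file's text in a pull-request check and fail the check when the returned list is not empty.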

Need Help?

If you have questions or need some help, please email us at support@stackhawk.com.
