
StackHawk HawkScan Extension
The StackHawk HawkScan Azure extension makes it easy to integrate application security testing into your CI pipeline.
About StackHawk
Here's the rundown:
- 🧪 Modern Application Security Testing: StackHawk is a dynamic application security testing (DAST) tool, helping you catch security bugs before they hit production.
- 💻 Built for Developers: The engineers building software are the best equipped to fix bugs, including security bugs. StackHawk does security, but is built for engineers like you.
- 🤖 Simple to Automate in CI: Application security tests belong in CI, running tests on every PR. Adding StackHawk tests to a DevOps pipeline is easy.
Getting Started
Use the HawkScan Extension
The HawkScanInstall task downloads and installs a version of HawkScan.
version: The version of HawkScan to be installed. If omitted, the latest version of HawkScan will be installed.
trigger:
  - main
pool:
  vmImage: ubuntu-latest
steps:
  - task: HawkScanInstall@0
    inputs:
      version: latest
The RunHawkScan task runs HawkScan against your application. By default it runs the latest version.
repoDir: Directory containing your stackhawk.yml files. Config file arguments will be searched for in this directory. By default this will be the current directory.
configFile: The default YAML file used by HawkScan is the stackhawk.yml file located in the current working directory. However, this file can be changed by supplying the file name as an argument.
version: The version of HawkScan to run. If omitted, the latest version of HawkScan will run. This version needs to match the installed version.
trigger:
  - main
pool:
  vmImage: ubuntu-latest
steps:
  - task: RunHawkScan@0
    inputs:
      configFile: 'stackhawk-test.yml'
      version: 'latest'
HAWK_API_KEY is the StackHawk API key. It must be set as an environment variable for the RunHawkScan task to use. This is required.
For more information on how to set environment variables in your Azure pipeline, please use this link.
The final version of the build file will look a little bit like this:
trigger:
  - main
pool:
  vmImage: ubuntu-latest
steps:
  - task: HawkScanInstall@0
    inputs:
      version: latest
  - task: RunHawkScan@0
    inputs:
      configFile: "stackhawk-test.yml"
      version: "latest"
    env:
      HAWK_API_KEY: $(API_KEY) # the recommended way to map to an env variable
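A pre-flight check that can run in a script step before RunHawkScan, added here as an example (it is not part of the StackHawk extension). It assumes the key is mapped into that step's environment the same way as above; the function name `hawkscan_preflight` and its return codes are hypothetical. Azure Pipelines leaves a `$(NAME)` macro as literal text when the variable is not defined, which is what the second check catches.

```shell
#!/bin/sh
# Added example (not StackHawk code): fail fast, without ever printing the key,
# when the scan would start with a missing key or a missing config file.
#
# hawkscan_preflight KEY [REPO_DIR] [CONFIG_FILE]
#   returns 0  key present and config file found
#           1  key is empty (secret not mapped in the step's env: block)
#           2  key is a literal $(...) macro (pipeline variable undefined)
#           3  config file not found under REPO_DIR
hawkscan_preflight() {
    key=$1
    repo_dir=${2:-.}                  # same default as the repoDir input
    config_file=${3:-stackhawk.yml}   # same default as the configFile input

    if [ -z "$key" ]; then
        echo "HAWK_API_KEY is empty: map the secret in the step's env: block" >&2
        return 1
    fi

    # An undefined pipeline variable reaches the step as the text "$(NAME)".
    case $key in
        '$('*')')
            echo "HAWK_API_KEY is an unexpanded macro: the pipeline variable is not defined" >&2
            return 2
            ;;
    esac

    if [ ! -f "$repo_dir/$config_file" ]; then
        echo "HawkScan config not found: $repo_dir/$config_file" >&2
        return 3
    fi
    return 0
}

# Usage inside a pipeline script step that maps HAWK_API_KEY in env:
#   hawkscan_preflight "$HAWK_API_KEY" . stackhawk-test.yml || exit 1
```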
Need Help?
If you have questions or need some help, please email us at support@stackhawk.com.