Operations Engineer
Find out your applications’ dirty little secrets through dynamic scanning with StackHawk, a dynamic application security testing (DAST) tool.
StackHawk is an open-source dynamic application security testing (DAST) tool. It runs penetration tests against your application and workloads on your own hardware, and hosts the resulting data on your behalf.
You can then scan as often as you like and automate the process for regular feedback, with the only constraint being the resources used to scan the application.
StackHawk provides opportunities to harden your security by bringing information to your attention! A proactive approach to these security issues allows you to strengthen your position before your application becomes exposed or is reported as having security issues requiring attention.
Using StackHawk will also enable you to spend more time developing content and features for your applications and less time worrying about security issues.
We've put together an orb for CircleCI users so they can start adding it to their pipelines.
For those wanting to take advantage of additional guidance, we've created an example workflow to add to your CircleCI configuration. Please keep in mind that the configuration values will be slightly different for your needs, and values that need to stay hidden can be stored in environment variables or similar. Here's what the implementation would look like:
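version: 2.1
orbs:
  stackhawk: skpr/stackhawk@1
workflows:
  dast_weekly:
    jobs:
      - dast:
          # Context that supplies the STACKHAWK_* environment variables
          context: global-org
    triggers:
      - schedule:
          # Weekly: every Monday at 00:00 UTC
          cron: "0 0 * * 1"
          filters:
            branches:
              only:
                - master
jobs:
  dast:
    machine:
      image: ubuntu-2204:2022.10.2
    steps:
      - checkout
      - stackhawk/configure:
          app_id: "${STACKHAWK_APPID}"
          env: "${STACKHAWK_ENV}"
          # Scan target; the application must already be listening here
          host: http://127.0.0.1:8080
      - stackhawk/scan:
          # Read from the environment, never hard-coded in this file
          api_key: ${STACKHAWK_API_KEY}
          timeout: 3h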
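A pre-flight check that could run in a `run` step before `stackhawk/scan`, so a missing secret or a target that never came up fails the job fast instead of producing an empty scan. This is an added example, not part of the skpr/stackhawk orb or the original post; the function names and the `preflight.sh` file name are hypothetical, and it assumes an earlier step in the job starts the application.

```shell
#!/bin/sh
# Pre-flight check for the DAST job: added example, not part of the orb.
# Variable names and the default URL come from the workflow above.
REQUIRED_VARS="STACKHAWK_API_KEY STACKHAWK_APPID STACKHAWK_ENV"

# Echo the names (never the values) of required variables that are unset
# or empty. The body runs in a subshell so its variables stay local.
missing_vars() (
  missing=""
  for name in $REQUIRED_VARS; do
    eval "val=\${$name:-}"   # indirect lookup; names come from the fixed list
    if [ -z "$val" ]; then
      missing="${missing:+$missing }$name"
    fi
  done
  printf '%s' "$missing"
)

# Poll the scan target until it returns any HTTP response.
# $1 = URL, $2 = attempts (default 30), $3 = seconds between tries (default 2)
wait_for_target() (
  url="$1"; attempts="${2:-30}"; delay="${3:-2}"; i=0
  while [ "$i" -lt "$attempts" ]; do
    # --noproxy keeps a CI-wide proxy from answering for the local target
    if curl --silent --output /dev/null --max-time 5 --noproxy '*' "$url"; then
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  return 1
)

# Return 0 when the scan can start, 2 for missing variables, 3 for a dead target.
preflight() (
  url="${1:-http://127.0.0.1:8080}"
  missing="$(missing_vars)"
  if [ -n "$missing" ]; then
    echo "preflight: unset or empty: $missing" >&2
    return 2
  fi
  if ! wait_for_target "$url" "${2:-30}" "${3:-2}"; then
    echo "preflight: no HTTP response from $url" >&2
    return 3
  fi
  echo "preflight: ok"
)
# Usage in a run step placed before the scan: . ./preflight.sh && preflight
```

Only variable names are written to the log, so the check does not leak the API key into build output.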
You can put yourself in the driver’s seat with an up-to-date report on the security of your application by integrating StackHawk with your CircleCI pipelines.
Our orb provides a simple and clean way for everybody to take advantage of DAST. This simplified approach can help you in your quest to become more proactive in improving your security posture.