CloudBees action: Scan with StackHawk

Use this action to scan a web application with the StackHawk dynamic application security testing (DAST) scanner.

All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details
Input name	Data type	Required?	Description
`token`	String	Yes	The StackHawk token.
`app-id`	String	Yes	The StackHawk application ID.
`environment`	String	Yes	The application environment name.
`auth-type`	String	Yes	The authorization type. Supported types are: None (`"noauth"`) Username/password (`"UsernamePasswordAuth"`) Auth0 (`"auth0"`)
`paths`	String	Yes	The application paths to scan.
`test-path`	String	Yes	The file path to comparison test, which contains known security vulnerabilities.
`url`	String	Yes	The application URL.
`app-username-form-field-name`	String	Required only if `auth-type: "UsernamePasswordAuth"`.	The form field name of the application username.
`app-password-form-field-name`	String	Required only if `auth-type: "UsernamePasswordAuth"`.	The form field name of the application password.
`app-username`	String	Required only if `auth-type: "UsernamePasswordAuth"`.	The application username.
`app-password`	String	Required only if `auth-type: "UsernamePasswordAuth"`.	The application password.
`domain`	String	Required only if `auth-type: "auth0"`.	The StackHawk domain.
`client-id`	String	Required only if `auth-type: "auth0"`.	The StackHawk client ID.
`client-secret`	String	Required only if `auth-type: "auth0"`.	The StackHawk client secret.

Usage examples

The following display an example of each authorization type in use.

No authorization

In the case of auth-type: "noauth":

      - name: Scan with StackHawk noauth
        uses: cloudbees-io/stackhawk-dast-scan-environment@v1
        with:
          token: ${{ secrets.STACKHAWK_TOKEN }}
          app-id: "your-application-id"
          environment: "Development"
          auth-type: "noauth"
          paths: "/components1,/components2"
          test-path: "/component-test"
          url: "https://example.com"▼

Username/password authorization

In the case of auth-type: "UsernamePasswordAuth":

      - name: Scan with StackHawk user passwd
        uses: cloudbees-io/stackhawk-dast-scan-environment@v1
        with:
          token: ${{ secrets.STACKHAWK_TOKEN}}
          app-id: "your-application-id"
          environment: "Development"
          auth-type: "UsernamePasswordAuth"
          paths: "/index.jsp?content=personal.htm"
          test-path: "/index.jsp?content=personal.htm"
          url: "https://demo.testfire.net"
          app-username-form-field-name: "uid"
          app-password-form-field-name: "passw"
          app-username: "admin"
          app-password: ${{ secrets.STACKHAWK_PASSWORD }}▼

Auth0 authorization

In the case of auth-type: "auth0":

      - name: Scan with StackHawk auth0
        uses: cloudbees-io/stackhawk-dast-scan-environment@v1
        with:
          token: ${{ secrets.STACKHAWK_TOKEN }}
          app-id: "your-application-id"
          environment: "Development"
          auth-type: "auth0"
          paths: "/dashboard,/organisations,/standards"
          test-path: "/components"
          url: "https://example.com"
          domain: "https://cbcdev.eu.auth0.com"
          client-id: ${{ secrets.STACKHAWK_CLIENT_ID }}
          client-secret: ${{ secrets.STACKHAWK_CLIENT_SECRET }}▼