# StackHawk MCP

> StackHawk connects your AI client to the StackHawk DAST platform. This MCP lets you run automated security scans, find vulnerabilities, and manage alerts without leaving your chat interface. It turns complex security protocols into simple natural language commands for effortless risk assessment.

## Overview
- **Category:** security-compliance
- **Price:** Free
- **Tags:** dast, application-security, security-testing, vulnerability-management, ci-cd-pipeline, automated-scanning

## Description

Security testing shouldn't mean juggling dashboards and running command-line tools just to check for basic vulnerabilities. This connector gives your AI client direct access to StackHawk’s dynamic application security testing (DAST) capabilities. You can ask your agent to assess a live environment, list all registered applications, or get the full details of a specific scan run using simple conversation.

When you need to check for threats, you don't have to manually navigate through multiple reports. Simply instruct your AI client to find critical alerts from a recent test and then classify them—say, marking a false positive or accepting the risk. This capability accelerates remediation across modern CI/CD pipelines. All this power is accessible through Vinkius, making it one place for all your connected services. Your agent handles the complex authentication and data retrieval so you just get actionable security insights.

## Tools

### get_application_details
Retrieves detailed configuration information for a specific StackHawk application.

### get_organization_details
Gets overall details about your StackHawk organization, including subscription tier status.

### get_scan_alerts
Downloads specific security alerts discovered during a DAST scan run.

### get_scan_results
Provides detailed results and metadata for any given DAST scan execution.

### list_applications
Lists all registered DAST applications within your entire StackHawk organization.

### list_environments
Shows all configured environments (like Development, Staging, Production) available for an application scan.

### list_api_keys
Lists all API keys set up in the organization, useful for auditing access hygiene.

### list_scans
Displays a list of all DAST scan executions, including high-level alert counts.

### login
Authenticates with StackHawk and obtains the necessary bearer access token for subsequent tool use.

### triage_alert
Changes the status of a specific DAST security alert to 'false positive', 'risk accepted', or 'in progress'.

## Prompt Examples

**Prompt:** 
```
Log in with my API token, list my projects and environments, then show the critical vulnerabilities from the latest scan.
```

**Response:** 
```
Authentication successful. 🔒
**Applications (`list_applications`)**:
- `Payment-Gateway-Core`
- `Internal-Admin-Dashboard`

**Environments (`list_environments`)**:
- `Production`
- `Staging`

**Critical Alerts (`get_alerts`)**:
- SQL Injection — Risk: High — Endpoint: /api/auth
```

**Prompt:** 
```
Run a new scan against the Production application.
```

**Response:** 
```
Scan initiated via `run_scan`. ✅
The DAST audit is running asynchronously. Track progress with `list_scans` using the returned UUID.
```

## Capabilities

### Running Automated Security Scans
Start comprehensive DAST audits against specific environments, or halt scans that are still running.

### Auditing Application Assets
Retrieve a complete list of all monitored applications and the different operational environments (like Staging or Production) for any given app.

### Retrieving Vulnerability Reports
Fetch detailed metadata about past scans, or download individual security alerts to understand exactly what was found.

### Managing and Classifying Alerts
Instruct the system to review a specific vulnerability alert and assign it a status like 'false positive' or 'risk accepted'.

## Use Cases

### Responding to a Major Incident
An engineer notices unusual behavior on Production. They instruct their agent: 'Check for all scans run against Production in the last 24 hours, get the alerts, and flag anything that looks like an SQL injection.' The agent uses `list_scans`, then `get_scan_alerts` to compile a risk report instantly.

### Onboarding New Services
A developer has deployed a new microservice. They ask their agent to 'Register this new service and run a baseline scan.' The agent first uses `get_application_details` to check configuration, then initiates the test via `run_scan`, ensuring immediate coverage.

### Reducing Alert Fatigue
The security team receives hundreds of alerts weekly. They ask their agent: 'Review all high-risk findings from the last scan and classify any known false positives.' The agent uses `get_scan_alerts` followed by `triage_alert`, cutting down manual cleanup time.

### Pre-Deployment Checklist
Before deploying to Staging, a team lead asks the agent: 'List all active applications and confirm we have an environment configured for testing.' The agent uses `list_applications` and then `list_environments`, confirming readiness before code merge.

## Benefits

- You don't have to jump between dashboards. Your AI client lets you start a scan, review the `list_scans` results, and then immediately pull detailed findings using `get_scan_alerts`, all without switching tabs.
- Stop spending time manually classifying risks. After a scan, simply tell your agent to review critical alerts and use `triage_alert` to mark known false positives or accept the risk on high-priority items.
- Gain visibility into every part of your stack. Use `list_applications` and `list_environments` to get a complete inventory of every service you're monitoring, ensuring nothing gets overlooked in compliance checks.
- Audit credentials easily. The `list_api_keys` tool lets you check which API tokens are active across the organization, improving overall security hygiene without manual database lookups.
- Keep your development flow going. Instead of pausing work to run a scan, you can instruct the agent to initiate it using `run_scan`, and then track its progress using `list_scans` while continuing other tasks.
- Get deep data instantly. If you need full metadata on what was found, use `get_scan_results`. This tool provides more detail than just an alert count, giving the engineering team actionable context.

## How It Works

The bottom line is that your AI client handles the complex API calls and data parsing, allowing you to manage advanced security operations using natural language only.

1. First, authenticate your connection by using the `login` tool to get a valid bearer token for StackHawk.
2. Next, ask your AI client to list applications (`list_applications`) or environments (`list_environments`) to scope out what needs scanning.
3. Finally, instruct the agent with specific commands—for example, 'Run a scan on Production and then triage any high-risk alerts'—to execute actions.

## Frequently Asked Questions

**How do I start a new scan using StackHawk MCP?**
You use the agent to call the `run_scan` tool, specifying which application and environment you want to audit. The system handles the initiation process for you.

**Can StackHawk MCP help me check my API token status?**
Yes, you can use `list_api_keys` to retrieve a list of all configured API keys for your organization, helping you audit which credentials are active and needed.

**What if I find an alert that is a false positive? How do I handle it?**
You use the `triage_alert` tool. You simply tell the agent to review a specific vulnerability finding and change its status to 'false positive' or 'risk accepted'.

**How many applications can StackHawk MCP list?**
The `list_applications` tool retrieves all DAST applications registered in your organization, providing you with a complete inventory of monitored services.

**Is the data from get_scan_results always up to date?**
Yes. The results come directly from StackHawk’s live scan records, giving you detailed metadata and ensuring you're working with current information regarding a specific DAST run.