Here's a quick rundown of how to run a StackHawk scan against Juice Shop.
In this fork of the Juice Shop repo, we have added a couple of files.
README_STACKHAWK.md- This file.stackhawk.yml- A working StackHawk scan configuration file. You should updateapp.applicationIdto match your App ID for Juice Shop in your StackHawk org.stackhawk_create_user.sh- A shell script to create the test user account,test@test.com.*stackhawk_auth_token.sh- A shell script to login to Juice Shop and fetch a JWT, which is used to authenticate the scanner to Juice Shop.
This guide assumes that you have:
- Set up prereqs for Cypress
- Installed the StackHawk CLI
- Exported your StackHawk API key as the environment variable
API_KEY - Exported your Juice Shop App ID from StackHawk as
JS_APP_ID
NOTE: Before scanning Juice Shop, you should start up a
screensession so that you can detach and re-attach to your session from your laptop. The scan may take 10 hours or longer to complete.
Install Juice Shop dependencies
npm installBuild and run Juice Shop as a Docker Container
docker-compose up --build --detachOr if you prefer, run Juice Shop in the background using NPM
npm start &Create the test user, test@test,com:
./stackhawk_create_user.shRun HawkScan
hawk scan