app.host is a required field in stackhawk.yml -- it represents the root URL of the application being scanned.
What do we mean by root URL?
HawkScan allows the following options for URLs in
an FQDN in a URL (
an IP:PORT in a URL (
a domain as a URL (
this approach is uncommon -- scans should be granular, localized, and non-production in nature
localhost as URL
While the above examples use https, http (e.g., http://localhost:5000) is also an option within the URL.
If no port is specified in the URL, the default http port (80) or https port (443) is assumed.
But what about paths?
Specific paths (e.g., API paths such as https://myapp.com/api/v2) can be scanned, but can't serve as the root of the application to be scanned.
If you have applications for which communication with the root application URL is not allowed (i.e., only specific paths respond to HTTP messages, but the root does not), reach out to StackHawk Support for assistance.
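The rules above can be checked before a scan is launched, for example in a CI step that lints the configuration. This is an added example, not StackHawk code: `check_app_host` and `audit` are hypothetical helper names, the IP address is a constructed sample, and treating a lone trailing `/` as "no path" and rejecting query strings or fragments are assumptions.

```python
from urllib.parse import urlsplit

# Default ports the page states for each scheme.
DEFAULT_PORTS = {"http": 80, "https": 443}


def check_app_host(value):
    """Return (scheme, host, port) for a usable app.host, else raise ValueError."""
    parts = urlsplit(value.strip())
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"{value!r}: scheme must be http or https")
    if not parts.hostname:
        raise ValueError(f"{value!r}: URL has no host")
    # Assumption: a lone trailing "/" still denotes the root.
    if parts.path not in ("", "/"):
        raise ValueError(f"{value!r}: path {parts.path!r} cannot be the application root")
    # Assumption: query strings and fragments are not part of a root URL.
    if parts.query or parts.fragment:
        raise ValueError(f"{value!r}: query or fragment is not part of a root URL")
    try:
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        raise ValueError(f"{value!r}: invalid port") from None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return parts.scheme, parts.hostname, port


def audit(values):
    """Map each candidate app.host to its parsed form or to an error message."""
    results = {}
    for value in values:
        try:
            results[value] = check_app_host(value)
        except ValueError as exc:
            results[value] = str(exc)
    return results


if __name__ == "__main__":
    candidates = [
        "https://myapp.com",          # domain, default https port
        "http://localhost:5000",      # localhost over http with explicit port
        "https://192.0.2.10:8443",    # constructed IP:PORT sample
        "https://myapp.com/api/v2",   # a path: scannable, but not a root
        "myapp.com",                  # missing scheme
    ]
    for value, outcome in audit(candidates).items():
        print(f"{value:28} -> {outcome}")
```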
Set app.host according to the rules above
Configure HawkScan to populate the paths beneath the application root, via:
Run a scan