Secure Your Apps and Scale Your Program

StackHawk supports developers and security teams throughout their AppSec modernization journey, from our shift-left testing built to keep pace with modern development to our complete platform that gives you the visibility you need to scale.

Secure

Shift-Left DAST & API Security Testing that runs directly in CI/CD to enable developers to fix critical application and API security vulnerabilities.

  • Fast, incremental scans in CI/CD
  • Runtime testing for modern apps & APIs
  • Integrated into development workflows
  • Remediation guidance

See StackHawk in Action

Schedule a 30-minute live product demo with expert Q&A

G2 Reviews: 4.6 | 68 Reviews

Scale

StackHawk’s AppSec Intelligence Platform combines attack surface mapping from code and continuous oversight to help teams scale their AppSec programs. With Scale, you get everything in Secure plus:

  • SAST & DAST correlation
  • AI-powered fixes as code
  • Application & API discovery from code
  • Auto-generated OpenAPI specs
  • Continuous test coverage oversight
  • Program effectiveness metrics

Best-in-Class Testing. Built for Modern Development.

Both of our plans include our industry-leading shift-left DAST, built from the ground up for CI/CD velocity and modern app architectures. Here’s what makes our testing different.

Pre-Production Testing in CI/CD

Catch critical vulnerabilities before production without slowing down development. Runs natively in your CI/CD infrastructure with Docker and CLI tools for any development environment.

Deterministic Scans, High-Signal Findings

StackHawk’s runtime testing is optimized for speed, reliability, and depth of scanning to minimize noise. Every finding includes cURL-based validation commands to verify exploitability.

Developer-Friendly Feedback Loops

Security findings are delivered directly in developer workflows, with contextual guidance and fixes-as-code. Native integrations with dev tools accelerate triage and remediation cycles.

Modern Application & API Support

Complete coverage for REST, GraphQL, SOAP, and gRPC APIs across microservices, SPAs, and traditional applications. Authentication as code ensures effective and reliable scanning.

Unlimited Scanning & Users

StackHawk plans are based on number of code contributors—not usage—so you get unlimited testing across every environment without usage caps or additional user licensing costs.

Enterprise Security & Support

SSO authentication, API access for custom workflows, and advanced integrations. Comprehensive documentation and email-based support from our Customer Success team.

Comparing Plans

Secure gives you best-in-class runtime testing. Scale adds complete attack surface visibility from source code and the intelligence you need to manage and prove the effectiveness of your AppSec program.

Features
Secure
Scale
Shift-Left DAST & API Testing
CI/CD-native runtime testing
Modern app architecture support (REST, GraphQL, SOAP, gRPC)
Developer-friendly remediation
Unlimited scans & environments
OWASP Top 10 coverage
Business Logic Testing
OWASP LLM Top 10 coverage
Attack Surface Discovery
Discover apps & APIs from source code
-
Repository connections & monitoring
-
Sensitive data detection
-
Risk-based prioritization (development activity signals)
-
Testing coverage metrics
-
AI-Powered Features
-
AI-powered OpenAPI spec generation
-
AI-generated fix recommendations
Workflow Integrations
Communication (Slack, Microsoft Teams)
Ticketing (Jira Cloud & Self-Hosted)
CI/CD Pipelines
Source Code Management - Cloud (GitHub, GitLab)
Source Code Management - Enterprise (GitHub Enterprise, GitLab Self-Hosted, Azure Repos, Bitbucket)
-
SAST Correlation
CodeQL
-
EndorLabs
-
Semgrep
-
Snyk
-
Enterprise Features
SSO & team management
API access & webhooks
Custom policies
Audit logs
Compliance integrations (Vanta)
-

Which plan is for you?

Choose Secure if:

  • You're replacing a legacy DAST tool that can't keep up with CI/CD velocity
  • You need runtime application security testing that developers will actually adopt
  • Your primary goal is finding and fixing vulnerabilities before production

Choose Scale if:

  • You're scaling your AppSec program and need visibility into what you have
  • You want to understand which applications are high-risk and need testing priority
  • You need to demonstrate program effectiveness to executives or the board

Security testing inside your AI assistant with Vibe

StackHawk Vibe is a single-user plan that gives you the power of StackHawk dynamic testing without leaving your AI code assistant.

$5/month

Reimagine Your AppSec Program

One click to start discovering everything you’re exposed to.