A Model Context Protocol (MCP) server for integrating with StackHawk's security scanning platform. Provides security analytics, YAML configuration management, sensitive data/threat surface analysis, and anti-hallucination tools for LLMs.
18 Tools
Version 4.43 or later needs to be installed to add the server automatically
Attribute | Details |
---|---|
Docker Image | `mcp/stackhawk` |
Author | stackhawk |
Repository | https://github.com/stackhawk/stackhawk-mcp |
Dockerfile | https://github.com/stackhawk/stackhawk-mcp/blob/feature/image-entrypoint/Dockerfile |
Docker Image built by | Docker Inc. |
Docker Scout Health Score | |
Verify Signature | `COSIGN_REPOSITORY=mcp/signatures cosign verify mcp/stackhawk --key https://raw.githubusercontent.com/docker/keyring/refs/heads/main/public/mcp/latest.pub` |
Licence | Other |
Tools provided by this Server | Short Description |
---|---|
analyze_sensitive_data_trends | Analyze sensitive data trends and changes over time for an organization. |
create_stackhawk_config | Create a StackHawk configuration file |
generate_security_dashboard | Generate a security dashboard for an organization |
generate_sensitive_data_summary | Generate a sensitive data summary for an organization |
get_app_findings_for_triage | Get triage-worthy findings for a project or application at or above the configured failureThreshold (or High/Medium if not set). |
get_critical_sensitive_data | Get critical sensitive data findings for an organization |
get_organization_info | Get information about a StackHawk organization |
get_sensitive_data | Get sensitive data findings for a specific application or repository. |
get_sensitive_data_report | Get a grouped and summarized sensitive data report for an entire organization (current snapshot). |
get_stackhawk_scan_instructions | Get instructions for running StackHawk scans |
get_stackhawk_schema | Get the StackHawk YAML schema |
list_applications | List applications in a StackHawk organization |
map_sensitive_data_surface | Map sensitive data exposure for an organization |
run_stackhawk_scan | Run a StackHawk scan using the CLI and stream results back to the chat. |
search_vulnerabilities | Search for vulnerabilities in a StackHawk organization |
setup_stackhawk_for_project | Set up StackHawk for a new project |
validate_field_exists | Validate that a field path exists in the StackHawk schema |
validate_stackhawk_config | Validate a StackHawk YAML configuration file |
analyze_sensitive_data_trends
Analyze sensitive data trends and changes over time for an organization. Provides time-based, asset-level trend analysis by application and repository. Use this to answer questions like 'How is sensitive data risk changing over time?' or 'Which apps are trending up or down in exposure?'. For a current grouped snapshot, use get_sensitive_data_report instead.
Parameters | Type | Description |
---|---|---|
org_id | string | Organization ID |
analysis_period | string optional | Analysis period (default: 90d) |
include_applications | boolean optional | Include applications (default: true) |
include_repositories | boolean optional | Include repositories (default: true) |
create_stackhawk_config
Create a StackHawk configuration file
Parameters | Type | Description |
---|---|---|
app_name | string | Application name |
application_id | string | StackHawk Application ID |
host | string | Host for the app |
port | integer | Port for the app |
generate_security_dashboard
Generate a security dashboard for an organization
Parameters | Type | Description |
---|---|---|
org_id | string | Organization ID |
generate_sensitive_data_summary
Generate a sensitive data summary for an organization
Parameters | Type | Description |
---|---|---|
org_id | string | Organization ID |
include_recommendations | boolean optional | Include recommendations (default: true) |
include_risk_assessment | boolean optional | Include risk assessment (default: true) |
time_period | string optional | Time period (default: 30d) |
get_app_findings_for_triage
Get triage-worthy findings for a project or application at or above the configured failureThreshold (or High/Medium if not set). Accepts app_id, config_path, or config_content.
Parameters | Type | Description |
---|---|---|
app_id | string optional | StackHawk application ID (optional) |
config_content | string optional | YAML content of the StackHawk config file (optional, takes precedence over config_path) |
config_path | string optional | Path to StackHawk config file (optional, default: stackhawk.yml) |
get_critical_sensitive_data
Get critical sensitive data findings for an organization
Parameters | Type | Description |
---|---|---|
org_id | string | Organization ID |
data_types | array optional | Data types (optional) |
include_remediation | boolean optional | Include remediation info (default: true) |
max_results | integer optional | Max results (default: 50) |
get_organization_info
Get information about a StackHawk organization
Parameters | Type | Description |
---|---|---|
org_id | string | Organization ID |
get_sensitive_data
Get sensitive data findings for a specific application or repository. Use this for asset-level triage and remediation.
Parameters | Type | Description |
---|---|---|
target_id | string | The ID of the application or repository to query. |
target_type | string | Target type: 'application' or 'repository'. Use 'application' for app-level findings, 'repository' for repo-level findings. |
data_type_filter | string optional | Filter by sensitive data type (e.g., PII, PCI, PHI, or All for no filter). |
include_details | boolean optional | Whether to include detailed finding information (default: true) |
max_results | integer optional | Maximum number of findings to return (default: 100) |
org_id | string optional | Organization ID (optional, auto-detected if omitted) |
get_sensitive_data_report
Get a grouped and summarized sensitive data report for an entire organization (current snapshot). Use this for org-wide analytics, compliance, and reporting. For trends or changes over time, use analyze_sensitive_data_trends.
Parameters | Type | Description |
---|---|---|
org_id | string | Organization ID |
data_type_filter | string optional | Filter by sensitive data type (e.g., PII, PCI, PHI, or All for no filter). |
group_by | string optional | Field to group findings by (e.g., 'data_type', 'applicationId', 'repositoryId'). Default is 'data_type'. |
include_details | boolean optional | Whether to include detailed finding information (default: true) |
time_range | string optional | Time range for findings (e.g., '30d', 'all'). Default is 30d. |
get_stackhawk_scan_instructions
Get instructions for running StackHawk scans
Parameters | Type | Description |
---|---|---|
config_path | string optional | Path to StackHawk config file (default: stackhawk.yml) |
get_stackhawk_schema
Get the StackHawk YAML schema
list_applications
List applications in a StackHawk organization
Parameters | Type | Description |
---|---|---|
org_id | string | Organization ID |
page_size | integer optional | Page size (optional) |
map_sensitive_data_surface
Map sensitive data exposure for an organization
Parameters | Type | Description |
---|---|---|
org_id | string | Organization ID |
include_applications | boolean optional | Include applications (default: true) |
include_repositories | boolean optional | Include repositories (default: true) |
risk_visualization | boolean optional | Include risk visualization (default: true) |
run_stackhawk_scan
Run a StackHawk scan using the CLI and stream results back to the chat. Optionally specify a config path (default: stackhawk.yml).
Parameters | Type | Description |
---|---|---|
config_path | string optional | Path to StackHawk config file (default: stackhawk.yml) |
search_vulnerabilities
Search for vulnerabilities in a StackHawk organization
Parameters | Type | Description |
---|---|---|
org_id | string | Organization ID |
severity_filter | string optional | Filter by severity (Critical, High, Medium, Low) |
time_range | string optional | Time range for search (e.g., '30d', '7d') |
setup_stackhawk_for_project
Set up StackHawk for a new project
Parameters | Type | Description |
---|---|---|
app_name | string optional | Application name (optional) |
org_id | string optional | Organization ID (optional) |
validate_field_exists
Validate that a field path exists in the StackHawk schema
Parameters | Type | Description |
---|---|---|
field_path | string | Field path to validate |
validate_stackhawk_config
Validate a StackHawk YAML configuration file
Parameters | Type | Description |
---|---|---|
yaml_content | string | YAML content to validate |
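The parameter tables above define which arguments each tool requires, which are optional, and what defaults apply (for example, `config_content` takes precedence over `config_path` in get_app_findings_for_triage, and `target_type` must be `application` or `repository` in get_sensitive_data). The following is an added example, not code from the stackhawk-mcp project: a small client-side checker that validates a proposed tool call against three of the tables above, fills in the documented defaults, rejects unknown or misspelled parameter names (the kind of hallucinated argument the page's anti-hallucination tools are meant to catch), and wraps the result in the MCP `tools/call` JSON-RPC shape. The tool schemas are copied from this page; the org and application IDs in the usage call are constructed placeholders. The API key is never part of a tool call; it reaches the server through the container environment, as the configuration below shows.

```python
import json
from typing import Any

# Parameter tables for three of the tools documented above.
# Each entry is parameter -> (required, default); defaults are taken from the descriptions.
TOOL_SCHEMAS: dict[str, dict[str, tuple[bool, Any]]] = {
    "search_vulnerabilities": {
        "org_id": (True, None),
        "severity_filter": (False, None),
        "time_range": (False, None),
    },
    "get_app_findings_for_triage": {
        "app_id": (False, None),
        "config_content": (False, None),
        "config_path": (False, "stackhawk.yml"),
    },
    "get_sensitive_data": {
        "target_id": (True, None),
        "target_type": (True, None),
        "data_type_filter": (False, None),
        "include_details": (False, True),
        "max_results": (False, 100),
        "org_id": (False, None),
    },
}

# Allowed values stated in the descriptions above.
SEVERITIES = {"Critical", "High", "Medium", "Low"}
TARGET_TYPES = {"application", "repository"}


def validate_arguments(tool: str, arguments: dict[str, Any]) -> dict[str, Any]:
    """Check arguments against the tool's parameter table and apply documented defaults."""
    if tool not in TOOL_SCHEMAS:
        raise ValueError(f"unknown tool: {tool}")
    schema = TOOL_SCHEMAS[tool]

    # Reject parameter names that are not in the table (typos or hallucinated fields).
    unknown = set(arguments) - set(schema)
    if unknown:
        raise ValueError(f"{tool}: unknown parameter(s) {sorted(unknown)}")

    # Every parameter marked required must be present.
    missing = [name for name, (required, _) in schema.items() if required and name not in arguments]
    if missing:
        raise ValueError(f"{tool}: missing required parameter(s) {missing}")

    resolved = dict(arguments)

    # Tool-specific rules from the descriptions above.
    if tool == "get_app_findings_for_triage" and "config_content" in resolved:
        # config_content takes precedence over config_path, so a supplied path is ignored.
        resolved.pop("config_path", None)
    if tool == "search_vulnerabilities" and "severity_filter" in resolved:
        if resolved["severity_filter"] not in SEVERITIES:
            raise ValueError(f"severity_filter must be one of {sorted(SEVERITIES)}")
    if tool == "get_sensitive_data" and resolved["target_type"] not in TARGET_TYPES:
        raise ValueError(f"target_type must be one of {sorted(TARGET_TYPES)}")

    # Fill in documented defaults for optional parameters that were left out.
    # For the triage tool the config_path default only applies when no other source was given.
    for name, (_, default) in schema.items():
        if name in resolved or default is None:
            continue
        if tool == "get_app_findings_for_triage" and ("app_id" in resolved or "config_content" in resolved):
            continue
        resolved[name] = default
    return resolved


def build_tool_call(tool: str, arguments: dict[str, Any], request_id: int = 1) -> dict[str, Any]:
    """Wrap validated arguments in an MCP tools/call JSON-RPC request."""
    return {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "tools/call",
        "params": {"name": tool, "arguments": validate_arguments(tool, arguments)},
    }


if __name__ == "__main__":
    # Constructed placeholder IDs; a real client would send this over the server's stdio transport.
    request = build_tool_call("search_vulnerabilities", {"org_id": "org-placeholder", "severity_filter": "High"})
    print(json.dumps(request, indent=2))
</test>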
```json
{
  "mcpServers": {
    "stackhawk": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "STACKHAWK_API_KEY",
        "mcp/stackhawk"
      ],
      "env": {
        "STACKHAWK_API_KEY": "<STACKHAWK_API_KEY>"
      }
    }
  }
}
```