All Collections
Running HawkScan
HawkScan CLI unexpectedly requests Git password or token when running a scan
HawkScan CLI unexpectedly requests Git password or token when running a scan

Troubleshooting Git errors when running the HawkScan CLI

Anthony Stinn avatar
Written by Anthony Stinn
Updated over a week ago

Applies To

HawkScan CLI scans (local or within CI/CD Automation).


HawkScan authenticates to the StackHawk platform and the successfully validates the yaml configuration, but the scan errors out with an unexpected Git credentials challenge.

Example error:

+ /var/opt/hawk-2.0.0/hawk scan

Authenticating to platform
Authenticating to platform .
Authenticating to platform ..

Git Username: Git Password or Personal Access Token:
[1;91mUnexpected Error: [0m[0m



The GIT_URL environmental variable is set in the shell that launched the CLI version of HawkScan, causing HawkScan to attempt to pull from the git repo contained in that variable.

By default, HawkScan mounts itself to the current working directory from which it runs; GIT_URL is used to mount it from a repository instead.


Unlike the docker-based version of HawkScan--in which all environmental variables must be explicitly specified--in the CLI version, environmental variables are inherited from the parent shell from which the hawk command is run.

This shell could be local (e.g., a laptop running MacOS with the CLI installed), within a container (e.g., within a Kubernetes pod) or a host (e.g., Jenkins agent runner host) in a CI/CD workflow.

Environmental variables, if present, can be overridden with command line options or unset (see below).


Unset the GIT_URL variable that HawkScan is attempting to use, then re-run the scan.



Unset GIT_URL prior to running hawkscan:

unset GIT_URL;hawk scan


Unset GIT_URL within a step in the Jenkinsfile pipeline:

stage ("Run HawkScan Test") {
steps {
sh 'unset GIT_URL; /var/opt/hawk-2.1.1/hawk scan'

Additional Information

StackHawk CLI:

Running HawkScan in Jenkins:

Mounting HawkScan from a Git repository:

Did this answer your question?