{"$schema":"http://json-schema.org/draft/2019-09/schema#","id":"com.stackhawk.nest.HawkScanMessages$HawkscanConf","type":"object","title":"com.stackhawk.nest.HawkScanMessages$HawkscanConf","definitions":{"HawkscanConf":{"id":"#/definitions/HawkscanConf","type":"object","properties":{"hawk":{"$ref":"#/definitions/HawkConf","description":"Parameters for scanner runtime and how it should look for vulnerabilities."},"app":{"$ref":"#/definitions/AppConf","description":"**Required** Parameters for the target application and specifics for how it should be scanned."},"hawkAddOn":{"$ref":"#/definitions/HawkAddOnConf","description":"Parameters for additional HawkScan add-ons."},"tags":{"type":"array","description":"Searchable keywords to associate with this scan","items":{"$ref":"#/definitions/Tag"}}},"required":["app"]},"HawkConf":{"id":"#/definitions/HawkConf","type":"object","properties":{"spider":{"$ref":"#/definitions/Spider","description":"Spider configuration"},"startupTimeoutMinutes":{"type":"number","description":"Maximum time in minutes to wait for the scanner process to start","exclusiveMinimum":0},"failureThreshold":{"type":"string","description":"The lowest alert level that returns a failed scan status. Accepted values: high, medium, or low","pattern":"\\b(?:high|medium|low|HIGH|MEDIUM|LOW)\\b"},"scan":{"$ref":"#/definitions/ScanConf","description":"Scan Configuration"},"config":{"type":"array","description":"Scanner configuration overrides, provided as a list of strings.","items":{"type":"string","pattern":"^([a-zA-Z0-9]*\\.)*([a-zA-Z_$0-9])+=.*$"}}}},"Spider":{"id":"#/definitions/Spider","type":"object","properties":{"base":{"type":"boolean","description":"Enable the basic web crawler for discovering your application’s routes. This spider is appropriate for most traditional web applications.","default":true},"ajax":{"type":"boolean","description":"Enable the ajax web crawler for discovering your application’s routes. This spider is appropriate for single-page web applications.","default":false},"maxDurationMinutes":{"type":"number","description":"Maximum allowed time for enabled spiders to crawl your web application. defaults to 5","exclusiveMinimum":0},"ajaxBrowser":{"type":"string","description":"The browser to type and style to use when running the AjaxSpider. This value is ignored when running the hawkscan docker container and use's the default FIREFOX_HEADLESS.","enum":["FIREFOX_HEADLESS","CHROME_HEADLESS","FIREFOX","CHROME"]},"seedPaths":{"type":"array","description":"List of seed paths to add to the site tree. Will be crawled in addition to the root of the application. Used to add unreachable paths to the scanner.","items":{"type":"string"}},"custom":{"$ref":"#/definitions/CustomDiscovery","description":""},"postmanConfig":{"$ref":"#/definitions/PostmanConfig","description":""}}},"CustomDiscovery":{"id":"#/definitions/CustomDiscovery","type":"object","properties":{}},"PostmanConfig":{"id":"#/definitions/PostmanConfig","type":"object","properties":{"apikey":{"type":"string","description":"api key to authenticated the user with Postman"},"collectionUID":{"type":"string","description":"Id of the collection to be pulled from Postman"},"filePath":{"type":"string","description":"File path of the Postman collection"}}},"ScanConf":{"id":"#/definitions/ScanConf","type":"object","properties":{"maxDurationMinutes":{"type":["number","string"],"description":"Maximum duration that a scan will run.","minimum":0,"pattern":"^([0-9][0-9]+|[1-9]|0)$"},"maxRuleDurationMinutes":{"type":["number","string"],"description":"Maximum duration that a scan will spend on a rule.","minimum":0,"pattern":"^([0-9][0-9]+|[1-9]|0)$"},"requestDelayMillis":{"type":["number","string"],"description":"Delay time between sending requests.","minimum":0,"pattern":"^([0-9][0-9]+|[1-9]|0)$"},"concurrentRequests":{"type":["number","string"],"description":"Number of request threads. _If you need that little extra push._ defaults to 20","exclusiveMinimum":0,"pattern":"^([0-9][0-9]+|[1-9])$"},"throttlePassiveBacklog":{"type":["number","string"],"description":"Pause active scan when passive backlog is greater than this value, resumes once backlog is empty. defaults to 50","exclusiveMinimum":0,"pattern":"^([0-9][0-9]+|[1-9])$"},"policyName":{"type":"string","description":"Name of the scan policy to use. This field is optional and defaults will be selected if omitted"},"includedPlugins":{"type":"array","description":"Specify to only run  scan on the listed plugins","items":{"type":"string"}}}},"AppConf":{"id":"#/definitions/AppConf","type":"object","properties":{"host":{"type":"string","description":"**Required** The base url of the application to scan ex: `http://localhost:8000`. If the url cannot be reached, the scan will not proceed.","pattern":"(?:(?:https?|ftp|file):\\/\\/|www\\.|ftp\\.)(?:\\([-\\w\\d+&@#\\/%=~_|$?!:,.]*\\)|[-\\w\\d+&@#\\/%=~_|$?!:,.])*(?:\\([-\\w\\d+&@#\\/%=~_|$?!:,.]*\\)|[\\w\\d+&@#\\/%=~_|$])"},"sessionTokens":{"type":"array","description":"The names of any session tokens used by your application, provided as an array of strings (Hint: these are the names of session cookies used by your application).","items":{"type":"string"}},"antiCsrfParam":{"type":"string","description":"The name of your CSRF security parameter used in any application form inputs. Globally set, HawkScan will parse this parameter value from form responses to use in subsequent requests."},"authentication":{"$ref":"#/definitions/Authentication","description":"Authenticated scan configuration"},"excludePaths":{"type":"array","description":"An array of strings, used as regexes to match against routes that should be ignored entirely by HawkScan. This field is useful for prohibiting asset directories or other resources that don’t require vulnerability scanning. (TODO: ADD EXAMPLE)","items":{"type":"string"}},"applicationId":{"type":"string","description":"**Required**. The `applicationId` of an application from the StackHawk platform","pattern":"\\b[0-9a-f]{8}\\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\\b[0-9a-f]{12}\\b"},"env":{"type":"string","description":"**Required**. The `env` environment name to organize Scan Results"},"graphqlConf":{"$ref":"#/definitions/GraphQLConf","description":"GraphQL API scanner parameters."},"includePaths":{"type":"array","description":"An array of strings, used as regexes to constrain the application routes HawkScan will specifically visit. This field is useful for constraining the reach of the HawkScan scanner and spider. (TODO: add examples)","items":{"type":"string"}},"autoPolicy":{"type":"boolean","description":"Set to `true` to enable an optimized policy when scanning specific APIs like GraphQL and OpenAPI. Defaults to True"},"autoInputVectors":{"type":"boolean","description":"Set to `true` to automatically enabled the correct input data types when scanning API’s like GraphQL and OpenAPI. This can increase scan accuracy and reduce false positives. Defaults to True"},"openApiConf":{"$ref":"#/definitions/OpenApiConf","description":"OpenApi scanner parameters."},"soapConf":{"$ref":"#/definitions/SoapConf","description":"SOAP API scanner parameters."},"inputVectors":{"$ref":"#/definitions/InputVectorParams","description":"Fine grained control of injectable input vectors"},"waitForAppTarget":{"$ref":"#/definitions/WaitForAppTarget","description":"Adds a wait time for app to startup"}},"required":["host","applicationId","env"],"allOf":[{"oneOf":[{"required":["authentication"]},{"not":{"anyOf":[{"required":["authentication"]}]}}]}]},"Authentication":{"id":"#/definitions/Authentication","type":"object","properties":{"usernamePassword":{"$ref":"#/definitions/UsernamePasswordCredentials","description":"Optional configuration specifying a username and password based authentication configuration. Do not configure if using `external`."},"external":{"$ref":"#/definitions/ExternalCredentials","description":"Optional configuration block for specifying an externally supplied authorization token. Do not configure if using `usernamePassword`."},"script":{"$ref":"#/definitions/AuthenticationScript","description":"Optional configuration block for using an authentication script."},"tokenExtraction":{"$ref":"#/definitions/TokenExtraction","description":"Optional configuration block for extracting the authorization token from the authentication response."},"cookieAuthorization":{"$ref":"#/definitions/CookieAuthorization","description":"Optional configuration specifying if authorization is maintained via a cookie session. Do not configure if using `tokenAuthorization`."},"tokenAuthorization":{"$ref":"#/definitions/TokenAuthorization","description":"Optional configuration telling HawkScan how to pass the authorization token to your application on each request to maintain authorized access. Do not configure if using `cookieAuthorization`."},"sessionScript":{"$ref":"#/definitions/SessionScript","description":"Optional configuration for using a session management script."},"loggedInIndicator":{"type":"string","description":"**Required**. A regex to match against http responses from pages in the web application to determine if the scanned pages user session is still logged in to the app, provided as a string (ex. `\"\\\\Qsigned in as\\\\E\"`)."},"loggedOutIndicator":{"type":"string","description":"**Required**. A regex to match against http responses from pages in the web application to determine if the scanned pages user session is logged out of the app, provided as a string"},"testPath":{"$ref":"#/definitions/AuthTestPath","description":"A configuration block specifying how to verify authentication/authorization is working"}},"required":["loggedInIndicator","loggedOutIndicator","testPath"],"allOf":[{"oneOf":[{"required":["usernamePassword"]},{"required":["external"]},{"required":["script"]}]},{"oneOf":[{"required":["cookieAuthorization"]},{"required":["tokenAuthorization"]},{"required":["sessionScript"]}]}]},"UsernamePasswordCredentials":{"id":"#/definitions/UsernamePasswordCredentials","type":"object","properties":{"loginPagePath":{"type":"string","description":"The path to your login form, if applicable. This is an optional path but is often required if the `POST` to the loginPath requires an anti csrf token to be passed as part of the `POST`. The `app.antiCsrfParam` will be extracted from the response body of a GET request to this page.","pattern":"^\\/(([A-z0-9\\-\\%]+\\/)*[A-z0-9\\-\\%]+$)?"},"loginPath":{"type":"string","description":"**Required** login route to `POST` credentials for a user in the application (ex. `/login`). An http `POST` request using the type specified will be made to this path.","pattern":"^\\/(([A-z0-9\\-\\%]+\\/)*[A-z0-9\\-\\%]+$)?"},"usernameField":{"type":"string","description":"**Required** the username html field used in your application form or json, provided as a string."},"passwordField":{"type":"string","description":"**Required** The password html field used in your application form or json, provided as a string."},"scanUsername":{"type":"string","description":"*Required** The username credentials provided to authentication when attempting to login to the web application, provided as a string.\nHawkScan best practices recommend using [environment variable runtime overrides](https://docs.stackhawk.com/hawkscan/configuration/#environment-variable-runtime-overrides) for this value (ex. \"${SCAN_USERNAME:admin}\" will use the $SCAN_USERNAME environment variable as the scanUsername, or fallback to admin)."},"scanPassword":{"type":"string","description":"*Required** The password credentials provided to authentication when attempting to login to the web application, provided as a string.\nHawkScan best practices recommend using [environment variable runtime overrides](https://docs.stackhawk.com/hawkscan/configuration/#environment-variable-runtime-overrides) for this value (ex. \"${SCAN_PASSWORD}\" will use the $SCAN_PASSWORD environment variable as the scanPassword)."},"type":{"type":"string","description":"An enum value describing the type of `POST` data expected by the `loginPath`","enum":["FORM","JSON"]},"otherParams":{"type":"array","description":"Other request parameters required by your login payload, provided as an array of objects with `name` and `value` string keys. This setting is helpful if your authentication process requires other parameters included in the form POST besides the username and password parameters. If in doubt, this setting can be safely left unconfigured.","items":{"$ref":"#/definitions/NameValParam"}}},"required":["loginPath","usernameField","passwordField","scanUsername","scanPassword"]},"NameValParam":{"id":"#/definitions/NameValParam","type":"object","properties":{"name":{"type":"string","description":""},"val":{"type":"string","description":""}}},"ExternalCredentials":{"id":"#/definitions/ExternalCredentials","type":"object","properties":{"type":{"type":"string","description":"Specifies the type of token being supplied. If `COOKIE` is specified the .external.value should be in the form of a cookie value <cookie-name>=<cookie-value> . Defaults to `Token`.","enum":["TOKEN","COOKIE"]},"value":{"type":"string","description":"**Required** The value containing the token that will authorize requests. How the token is passed to your application is determined by the assigned `type`."}},"required":["value"]},"AuthenticationScript":{"id":"#/definitions/AuthenticationScript","type":"object","properties":{"name":{"type":"string","description":"The name of the authentication script specified in the hawkAddOn.scripts.name"},"parameters":{"$ref":"#/definitions/ParametersEntry","description":"The parameters required for the authentication script."},"credentials":{"$ref":"#/definitions/CredentialsEntry","description":"The credentials required for the authentication script. These values will be redacted."}},"required":["name"]},"ParametersEntry":{"id":"#/definitions/ParametersEntry","type":"object","additionalProperties":{"type":"string"}},"CredentialsEntry":{"id":"#/definitions/CredentialsEntry","type":"object","additionalProperties":{"type":"string"}},"TokenExtraction":{"id":"#/definitions/TokenExtraction","type":"object","properties":{"type":{"type":"string","description":"Specifying `TOKEN_PATH` tells HawkScan to extract the token from the JSON payload of the response from authentication. `HEADER` tells HawkScan to extract the token from a header in the response from authentication. defaults to `TOKEN_PATH`.","enum":["TOKEN_PATH","HEADER_NAME"]},"value":{"type":"string","description":"*Required**. String containing the path to the token in the JSON payload authentication response or the name of the response header containing the token.\nExample: if the authentication response JSON payload looks like `{\"auth\" : {\"token\": \"<my-auth-token>\"}}` the value would be `auth.token`. If the authentication response has a header named `AuthToken: <my-token>`, then the value should be `AuthToken`."}},"required":["value"]},"CookieAuthorization":{"id":"#/definitions/CookieAuthorization","type":"object","properties":{"cookieNames":{"type":"array","description":"A list of strings that are the names of cookies used for maintaining a session. Typically this is one value like `jsessionid` or `PHPSESS`. When used in combination with authentication HawkScan will use this value to persist authenticated session state with your application.","items":{"type":"string"}}}},"TokenAuthorization":{"id":"#/definitions/TokenAuthorization","type":"object","properties":{"type":{"type":"string","description":"An enum value representing how to pass the authorization token to your application.\n`HEADER` indicates that each request should have the authorization token header added to the requests.\n`QUERY_PARAM` indicates that the token should be passed as a query parameter.","enum":["HEADER","QUERY_PARAM"]},"value":{"type":"string","description":"**Required** The name of the `HEADER` or `QUERY_PARAM` the token should be passed as."}},"required":["value"]},"SessionScript":{"id":"#/definitions/SessionScript","type":"object","properties":{"name":{"type":"string","description":"The name of the session script specified in the hawkAddOn.scripts.name"},"parameters":{"$ref":"#/definitions/ParametersEntry","description":"The parameters required for the session script."}},"required":["name"]},"AuthTestPath":{"id":"#/definitions/AuthTestPath","type":"object","properties":{"type":{"type":"string","description":"An enum value representing what to match against in the response from issuing a GET request to the `testPath.path`. The supported values are `HEADER` and `BODY`.","enum":["HEADER","BODY"]},"path":{"type":"string","description":"**Required**. The path to a protected route in your application that requires authorization. For example `/mysettings`. A `GET` request will be made to this path using the configured authentication.","pattern":"^\\/(([A-z0-9\\-\\%]+\\/)*[A-z0-9\\-\\%]+$)?"},"success":{"type":"string","description":"A regex that will match against the response header or body, specified by `type`, of the GET request to the `path`.\nA match of the regex supplied will indicate that scanning should proceed with the specified authentication."},"fail":{"type":"string","description":"A regex that will match against the response header or body, specified by `type`, of the GET request to the `path`.\nA match of the regex supplied will indicate that scanning should halt and enter an error state."},"requestMethod":{"type":"string","description":"Request method to use for queries. Will generate GraphQL queries as either POST payloads or GET uri strings.","enum":["GET","POST","PUT"]},"requestBody":{"type":"string","description":"The request content to send along with POST or PUT requests for authentication verification."},"requestHeaders":{"$ref":"#/definitions/RequestHeadersEntry","description":"List of key/value pairs to be included as headers in the request to the `path`.\nHeaders that match the following pattern are unable to be added or modified `'^(Host|Origin|Proxy-.*|Sec-.*|Content-Length)'`."}},"required":["path"],"allOf":[{"oneOf":[{"required":["success"]},{"required":["fail"]}]}]},"RequestHeadersEntry":{"id":"#/definitions/RequestHeadersEntry","type":"object","additionalProperties":{"type":"string"}},"GraphQLConf":{"id":"#/definitions/GraphQLConf","type":"object","properties":{"schemaPath":{"type":"string","description":"Path to the GraphQL introspection endpoint, relative to the target URI","pattern":"^\\/(([A-z0-9\\-\\%]+\\/)*[A-z0-9\\-\\%]+$)?"},"requestMethod":{"type":"string","description":"Request method to use for queries. Will generate GraphQL queries as either POST payloads or GET uri strings.","enum":["POST","GET"]},"uriMaxLength":{"type":["number","string"],"description":"Max length of URIs when generation queries for GET requests.","minimum":0,"pattern":"^([0-9][0-9]+|[1-9]|0)$"},"maxDepth":{"type":["number","string"],"description":"Maximum depth for generated query graphs","exclusiveMinimum":0,"maximum":50,"pattern":"^([0-9][0-9]+|[1-9]|0)$"},"enabled":{"type":"boolean","description":"Enable GraphQL scan support. HawkScan will enumerate all possible field types and input values for GraphQL Queries and Mutations. Provide relative path to the API endpoint."},"operation":{"type":"string","description":"GraphQL operation to enumerate and scan. Defaults to find all Query and Mutation operations.","enum":["ALL","QUERY","MUTATION"]},"filePath":{"type":"string","description":"Relative path to a JSON formatted GraphQL schema (default: None)"},"excludeOperations":{"type":"array","description":"GraphQL operations to exclude from the spider","items":{"$ref":"#/definitions/GraphQLExcludeOperationParam"}}}},"GraphQLExcludeOperationParam":{"id":"#/definitions/GraphQLExcludeOperationParam","type":"object","properties":{"name":{"type":"string","description":""},"type":{"type":"string","description":"","enum":["ALL","QUERY","MUTATION"]}}},"OpenApiConf":{"id":"#/definitions/OpenApiConf","type":"object","properties":{"path":{"type":"string","description":"A string relative path to an OpenAPI specification file (JSON or YAML) from the specified app.host","pattern":"^\\/(([A-z0-9\\-\\%]+\\/)*[A-z0-9\\-\\%]+$)?"},"filePath":{"type":"string","description":"Relative path to specification file(s) (JSON or YAML).\nThe path is relative to the `/hawk` mount point specified by the `-v` docker run argument. ie: `docker run -v $(pwd):/hawk`."},"inline":{"type":"string","description":"Define your openapi specification yaml inlined as a string."},"strict":{"type":"boolean","description":"Enable strict parsing of the openapi."},"customVariables":{"type":"array","description":"Define custom variables and values for use in REST API scanning.","items":{"$ref":"#/definitions/CustomVariable"}},"includeAllMethods":{"type":"boolean","description":"When custom variables are provided, DELETE's are skipped for injection. Set this to true to override this default and include all methods in variable injection."},"includedMethods":{"type":"array","description":"List of methods to include in custom variable injection. Note: if 'includeAllMethods' is set to true, this list is ignored and all methods will be used for custom variable injection.","items":{"type":"string","enum":["POST","PUT","DELETE","GET","OPTIONS","PATCH","HEAD"]}},"fakerEnabled":{"type":"boolean","description":"Enables faker for a REST API scan to generate more realistic values when format is provided on the API spec or custom variables."}}},"CustomVariable":{"id":"#/definitions/CustomVariable","type":"object","properties":{"field":{"type":"string","description":""},"values":{"type":"array","description":"","items":{"type":"string"}}}},"SoapConf":{"id":"#/definitions/SoapConf","type":"object","properties":{"path":{"type":"string","description":"Host path to the SOAP WSDL, prefixed with a `/`","pattern":"^\\/(([A-z0-9\\-\\%]+\\/)*[A-z0-9\\-\\%]+$)?"},"filePath":{"type":"string","description":"Relative path to the SOAP WSDL schema definition file"}}},"InputVectorParams":{"id":"#/definitions/InputVectorParams","type":"object","properties":{"injectableParam":{"$ref":"#/definitions/InjectableParam","description":""},"enabledRpcParam":{"$ref":"#/definitions/EnabledRPCParam","description":""}}},"InjectableParam":{"id":"#/definitions/InjectableParam","type":"object","properties":{}},"EnabledRPCParam":{"id":"#/definitions/EnabledRPCParam","type":"object","properties":{}},"WaitForAppTarget":{"id":"#/definitions/WaitForAppTarget","type":"object","properties":{"path":{"type":"string","description":"The path to a public reachable route in your application. For example `/index`. A `GET` request will be made to this path to confirm the host is up and ready to receive traffic.","default":"/","pattern\"":"^\\/(([A-z0-9\\-\\%]+\\/)*[A-z0-9\\-\\%]+$)?"},"requestMethod":{"type":"string","description":"Request method to use for queries. Will generate GraphQL queries as either POST payloads or GET uri strings.","enum":["GET","POST","PUT"]},"requestBody":{"type":"string","description":"The request content to send along with POST or PUT requests for target verification."},"waitTimeoutMillis":{"type":["number","string"],"description":"The maximum amount of time in milliseconds that HawkScan will wait for your app to be available before it starts scanning","minimum":0,"pattern":"^([0-9][0-9]+|[1-9]|0)$"},"pollDelay":{"type":["number","string"],"description":"The maximum amount of time in milliseconds in between requests to your application to see if it's running","default":100,"minimum":0,"pattern":"^([0-9][0-9]+|[1-9]|0)$"}},"required":["waitTimeoutMillis"]},"HawkAddOnConf":{"id":"#/definitions/HawkAddOnConf","type":"object","properties":{"replacer":{"$ref":"#/definitions/Replacer","description":"Configuration for the replacer addOn"},"scripts":{"type":"array","description":"List of configurations for custom scripts.","items":{"$ref":"#/definitions/Script"}}}},"Replacer":{"id":"#/definitions/Replacer","type":"object","properties":{"rules":{"type":"array","description":"List of regex match and replace rules for request headers.","items":{"$ref":"#/definitions/ReplacerRules"}}}},"ReplacerRules":{"id":"#/definitions/ReplacerRules","type":"object","properties":{"matchString":{"type":"string","description":"If `replaceOnly` is false, only match the header name. If `replaceOnly` is true, matches the exact string on the header line."},"replacement":{"type":"string","description":"If false, replace existing header value or add the missing header using replacement as the value. If true, only replace the matchString of an existing header line."},"initiators":{"type":"array","description":"","items":{"type":"string","enum":["PROXY","ACTIVE_SCANNER","SPIDER","FUZZER","AUTHENTICATION","MANUAL_REQUEST","CHECK_FOR_UPDATES","BEAN_SHELL","ACCESS_CONTROL_SCANNER","AJAX_SPIDER","FORCED_BROWSE","TOKEN_GENERATOR","WEB_SOCKET","AUTHENTICATION_HELPER"]}},"replaceOnly":{"type":"boolean","description":"If false, replace existing header value or add the missing header using replacement as the value. If true, only replace the matchString of an existing header line."},"isRegex":{"type":"boolean","description":"Enable regex search for `matchString`. Useful when `replaceOnly` is true (e.g. `Referer:.*` will replace the entire `Referer:` header line)"}},"required":["matchString","replacement"]},"Script":{"id":"#/definitions/Script","type":"object","properties":{"name":{"type":"string","description":"the name of this custom script"},"type":{"type":"string","description":"","enum":["active","authentication","httpsender","passive","proxy","standalone","targeted","session"]},"path":{"type":"string","description":"Path to the file location for the custom script"},"vars":{"type":"array","description":"Named variables to expose to the script","items":{"$ref":"#/definitions/NameValParam"}},"language":{"type":"string","description":"**Required**. The language of this script","enum":["KOTLIN","JAVASCRIPT"]},"id":{"type":["number","string"],"description":"Plugin Id for script"}},"required":["language"]},"Tag":{"id":"#/definitions/Tag","type":"object","properties":{"name":{"type":"string","description":"The keyword name.","maxLength":128,"minLength":1,"pattern":"^[a-zA-Z0-9_-]+$"},"value":{"type":"string","description":"An arbitrary value to associate with the keyword.","maxLength":512,"minLength":1}}}},"properties":{"hawk":{"id":"#/properties/hawk","type":"object","$ref":"#/definitions/HawkConf"},"app":{"id":"#/properties/app","type":"object","$ref":"#/definitions/AppConf"},"hawkAddOn":{"id":"#/properties/hawkAddOn","type":"object","$ref":"#/definitions/HawkAddOnConf"},"tags":{"id":"#/properties/tags","type":"array","items":{"$ref":"#/definitions/Tag"}}}}