Puma Security Puma Scan

Basic Information
Puma Scan is a software security analyzer that provides secure source code analysis for C# applications.
The Puma Scan End User Edition displays vulnerabilities in Visual Studio as spell check and compiler warnings.
Puma Scan Server Edition runs on Continuous Integration Build Servers such as Jenkins, Azure DevOps, and TeamCity. Code analysis takes place locally on the build server with no need to upload code to a third-party cloud scanning service.
Puma Scan offers a lightweight, fast, cost-efficient option for helping deliver secure products to your customers.

Tool first release date
2017-10-17
Version release date
2019-05-15
Software cost
Paid
Software license
Proprietary
Hosting
Self-Hosted
Supported operating systems
Windows
Process Integration
Deployment model
Workstation, CI Server, Standalone Server
Analysis inputs
Source code
Display results in IDE
Visual Studio
Live analysis & feedback while coding in IDE
Visual Studio
CI Integration
Generic command line interface (CLI), Azure DevOps
Able to analyze incremental changes to code (commit, patch, pull request)
Can schedule scans
API method to report results in SARIF format
API method to report results in XML/JSON/CSV format
Coverage
Puma Scan supports scanning .NET Framework (WebForms, MVC) and .NET Core applications written in C#. Support also includes scanning configuration files (.config) and view markup (.aspx, .cshtml).

Supported programming languages
.NET, C#
Supported development frameworks
.NET Core
Claimed Weakness Coverage
Claimed Weakness Coverage information hasn't been collected yet for this analyzer.
Checker Customization
Can disable checkers
Can customize checker logic
First-class API to create new checkers
Speed & Scalability
Parallelizes on one host
Parallelizes across more than one host
Results Quality
Provides explanation of warning
Provides severity of warning
Provides confidence information about warning
Provides code context around warning
Provides control flow context for warning
Provides data flow context for warning
Provides code coverage information per checker
Reporting
Puma Scan exports scan results in JSON, MSBuild, and HTML formats.
Integration with external bug tracking systems and vulnerability management systems can be achieved by parsing the JSON and consuming the API of the desired external system.

Results suppression even after code changes
Show differences in results set to previous scan
Integration with external remediation bug tracker
None
Two-way data sync with external remediation bug tracker
Graphical user interface (GUI)
Centralized reporting
Support
Puma Scan documentation can be found on the support page: https://pumascan.com/support/

Installation guide or documentation
User/operator guide or documentation
Integration guide or API documentation