
Puma Scan - Detailed Review

Puma Scan - Product Overview
Introduction to Puma Scan
Puma Scan is a security tool developed by Puma Security, aimed at integrating seamlessly with development environments to ensure the security of applications throughout the development lifecycle.
Primary Function
Puma Scan’s primary function is to provide real-time vulnerability detection and remediation. It works as a Visual Studio analyzer extension, offering continuous C# source code analysis as developers write code. This real-time analysis helps prevent security bugs from entering applications, much like a spellchecker or compiler warnings.
Target Audience
Puma Scan is designed for a wide range of businesses, including startups, small and medium-sized businesses (SMBs), and enterprises. It is particularly useful for development teams and DevOps teams who need to integrate security measures into their software development processes.
Key Features
Puma Scan boasts several key features that make it a valuable tool for secure coding:
- Cross Site Scripting (XSS) Detection: Identifies vulnerabilities related to XSS attacks.
- SQL Injection Detection: Detects potential SQL injection vulnerabilities.
- Command Injection Detection: Finds command injection vulnerabilities.
- Path Traversal Detection: Identifies path traversal vulnerabilities.
- Insecure Deserialization Detection: Detects insecure deserialization issues.
- Sensitive Data Exposure Detection: Alerts on sensitive data exposure.
- Insecure Cryptographic Storage Detection: Identifies insecure cryptographic storage practices.
- Insecure Communication Detection: Detects insecure communication vulnerabilities.
- Security Misconfiguration Detection: Finds security misconfiguration issues.
- Broken Authentication Detection: Identifies broken authentication vulnerabilities.
- Broken Access Control Detection: Detects broken access control issues.
- Cross Site Request Forgery (CSRF) Detection: Identifies CSRF vulnerabilities.
- XML External Entity (XXE) Detection: Detects XXE vulnerabilities.
- Insecure Direct Object References (IDOR) Detection: Finds IDOR vulnerabilities.
- Remote Code Execution Detection: Identifies remote code execution vulnerabilities.
- File Inclusion Vulnerability Detection: Detects file inclusion vulnerabilities.
- Hardcoded Credentials Detection: Identifies hardcoded credentials.
- Weak Password Policy Detection: Detects weak password policies.
- Unvalidated Redirects And Forwards Detection: Finds unvalidated redirects and forwards issues.
- Improper Error Handling Detection: Identifies improper error handling practices.
Additionally, Puma Scan offers advanced features such as Advanced Data Flow Analysis, Reporting Functionality, Advanced Taint Analysis, and Rule Configuration, making it a comprehensive tool for ensuring the security of .NET applications.

Puma Scan - User Interface and Experience
User Interface and Experience
The user interface and experience of Puma Scan are designed to be intuitive and integrated seamlessly into the development workflow, particularly for .NET and C# developers.
Integration with Development Environments
Puma Scan is closely integrated with Visual Studio, which is a familiar environment for many .NET and C# developers. It displays vulnerabilities and security issues in real-time, similar to spell check and compiler warnings. This immediate feedback helps developers address security bugs as they write the code, making the development process more efficient and secure.
Ease of Use
The tool is designed to be user-friendly, providing instant results that are easy to interpret. The real-time analysis feature ensures that developers can identify and fix security issues without having to leave their development environment or wait for a separate scanning process to complete. This integration reduces the learning curve and makes it easier for developers to incorporate security checks into their daily coding routine.
Continuous Integration
Puma Scan also integrates well with Continuous Integration (CI) build servers such as Jenkins, Azure DevOps, and TeamCity. This allows for automated code analysis during the build process, ensuring that security checks are a part of the continuous integration pipeline without the need to upload code to a third-party cloud service. This seamless integration enhances the overall ease of use and ensures that security is a consistent part of the development lifecycle.
Reporting and Feedback
The tool provides detailed reports in various formats, including JSON, MSBuild, and HTML. These reports include explanations of warnings, severity levels, and code context, which helps developers quickly understand and address the issues identified by Puma Scan. The ability to share these reports with managers, compliance teams, and other executives further enhances the user experience by facilitating communication and collaboration.
Customization
Puma Scan allows for customization of its checkers, enabling developers to disable or customize the logic of the security rules according to their specific needs. This flexibility ensures that the tool can be adapted to fit different development environments and security requirements, enhancing the overall user experience.
Conclusion
In summary, Puma Scan’s user interface is designed to be highly integrated, intuitive, and easy to use, making it a valuable tool for developers looking to ensure the security of their .NET and C# applications without disrupting their workflow.
Puma Scan - Key Features and Functionality
Puma Scan Overview
Puma Scan is a comprehensive security tool integrated into development environments to ensure secure code practices and protect applications from potential threats. Here are the main features and how they function:
Vulnerability Detection
Puma Scan is equipped with a wide range of vulnerability detection capabilities, including:
- Cross Site Scripting (XSS) Detection: Identifies potential XSS vulnerabilities that could allow attackers to inject malicious scripts into web pages.
- SQL Injection Detection: Detects vulnerabilities that could allow attackers to execute malicious SQL code.
- Command Injection Detection: Finds vulnerabilities where an attacker could inject and execute arbitrary commands.
- Path Traversal Detection: Identifies issues where an attacker could access files and directories outside the intended directory.
- Insecure Deserialization Detection: Detects vulnerabilities related to the deserialization of data, which can lead to remote code execution.
- Sensitive Data Exposure Detection: Alerts on potential exposures of sensitive data.
- Insecure Cryptographic Storage Detection: Identifies insecure practices in storing cryptographic data.
- Insecure Communication Detection: Detects issues related to insecure communication protocols.
- Security Misconfiguration Detection: Finds misconfigurations that could lead to security vulnerabilities.
- Broken Authentication Detection: Identifies weaknesses in authentication mechanisms.
- Broken Access Control Detection: Detects issues with access control that could allow unauthorized access.
- Cross Site Request Forgery (CSRF) Detection: Identifies vulnerabilities that could allow attackers to perform actions on behalf of the user.
- XML External Entity (XXE) Detection: Detects vulnerabilities related to the processing of XML external entities.
- Insecure Direct Object References (IDOR) Detection: Finds issues where an attacker could manipulate direct object references.
- Remote Code Execution Detection: Identifies vulnerabilities that could allow an attacker to execute arbitrary code.
- File Inclusion Vulnerability Detection: Detects issues related to the inclusion of files that could lead to security breaches.
- Hardcoded Credentials Detection: Identifies hardcoded credentials that could be exploited.
- Weak Password Policy Detection: Alerts on weak password policies that do not meet security standards.
- Unvalidated Redirects And Forwards Detection: Detects issues with unvalidated redirects and forwards.
- Improper Error Handling Detection: Finds improper error handling practices that could reveal sensitive information.
Integration and Automation
Visual Studio and Visual Studio Code Integration
Puma Scan integrates seamlessly with Visual Studio and Visual Studio Code, allowing developers to perform security scans in real-time or on demand as they write code. This integration displays findings as spell check errors or build warnings, making it easy for developers to address vulnerabilities early.
Automated Command Line Tasks and Build Pipelines
The Server Edition provides a command line interface for executing security scans, which can be integrated into build pipelines. This allows for automated security scanning and vulnerability reporting during the build process.
Custom Configuration and Reporting
Custom Configuration Options
Users can configure default scanner settings, rule options, custom tainted sources, custom cleanse methods, and suppress false positives. This customization helps in optimizing the performance and accuracy of the scans.
Vulnerability Thresholds
Users can set thresholds for medium and low-risk vulnerabilities, which can stop the build process if these thresholds are exceeded. This ensures that only secure code is deployed.
Reporting and Export Options
Scan results can be exported into various formats such as HTML, JSON, MSBUILD, VSO, and more, making it easy to share and analyze the results with development teams and management.
AI and Data Flow Analysis
While the specific integration of AI is not detailed in the sources, Puma Scan uses advanced data flow analysis to determine if the source of an input comes from an untrusted source. This analysis helps in identifying potential security issues by tracing the flow of data through the application. The depth of this analysis can be adjusted to balance between accuracy and performance.
Compliance and Feedback
Compliance Reporting
Puma Scan generates reports that can be used for compliance purposes and to manage vulnerabilities effectively.
Feedback Loops
The tool provides feedback to developers in real-time, enabling them to fix vulnerabilities as they are identified, thus enhancing the DevSecOps pipeline.
In summary, Puma Scan is a powerful tool that integrates into development environments to detect and remediate a wide range of security vulnerabilities. Its ability to automate security scans, provide real-time feedback, and customize settings makes it a valuable asset for ensuring secure code practices throughout the development lifecycle.
Puma Scan - Performance and Accuracy
Performance of Puma Scan
Puma Scan, a software security analyzer, is designed to provide real-time and continuous source code analysis for C# applications, particularly within the .NET framework. Here are some key points regarding its performance:
Real-Time Analysis
Puma Scan integrates seamlessly with Visual Studio and Visual Studio Code, allowing for near real-time analysis of code as developers write it. This feature ensures that security vulnerabilities are identified and displayed immediately, much like spell check and compiler warnings.
Configuration and Customization
The tool offers extensive configuration options, including the ability to customize global settings, rule options, tainted sources, and cleanse methods. This customization helps in optimizing performance and accuracy according to the specific needs of the development team.
Data Flow Analysis
Puma Scan performs advanced data flow analysis to determine if inputs come from untrusted sources. However, this feature can impact performance. Disabling data flow analysis can improve performance but may increase the number of false positives.
Scan Depth
The `DataflowAnalysisNodeMaxDepth` setting allows users to control how deep the analyzer goes into the call tree. A higher value increases accuracy but also prolongs the scan time, while a lower value speeds up the scan at the cost of accuracy.
Integration with CI/CD
Puma Scan Server Edition can be integrated with Continuous Integration (CI) build servers like Jenkins, Azure DevOps, and TeamCity. This allows for code analysis to occur locally on the build server without the need to upload code to a third-party cloud service, which can enhance performance and efficiency.
Accuracy of Puma Scan
The accuracy of Puma Scan is influenced by several factors:
Advanced Taint Analysis
Puma Scan uses advanced taint analysis to track the flow of data through the application, helping to identify potential security vulnerabilities accurately.
Rule Configuration
Users can configure analysis rules, including setting risk ratings and enabling or disabling specific rules. This customization helps in reducing false positives and improving the accuracy of the scan results.
Indeterminate Issues
The tool can handle indeterminate issues where the data flow analyzer cannot confidently determine if a vulnerability exists. Users can choose to report or suppress these issues, which affects the overall accuracy of the scan.
Experimental Features
Puma Scan includes experimental features, such as JavaScript rules, which are designed to help identify potential security issues in JavaScript code. These features are continually improved based on user feedback.
Limitations and Areas for Improvement
While Puma Scan is a powerful tool, there are some limitations and areas where it could be improved:
Performance Trade-offs
Enabling advanced features like data flow analysis can slow down the scan process. Users need to balance between accuracy and performance by adjusting settings like `DataflowAnalysisNodeMaxDepth`.
False Positives
Disabling certain features to improve performance can lead to more false positives. Users need to fine-tune the settings to minimize false positives while maintaining acceptable performance.
Experimental Features
Some features, like JavaScript analysis, are still experimental and may not be as accurate or comprehensive as other parts of the tool. User feedback is crucial for improving these features.
Integration Limitations
While Puma Scan integrates well with various CI/CD tools, there are limitations such as Azure DevOps only showing the first 11 warnings due to platform constraints.
In summary, Puma Scan offers strong performance and accuracy in source code analysis, particularly for .NET and C# applications. However, it requires careful configuration to balance performance and accuracy, and some features are still in the experimental phase.
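The trade-offs described above under Data Flow Analysis, Scan Depth and Indeterminate Issues can be seen in a simplified model. This is an added example, not Puma Scan's code or algorithm: the program graph, sink names, the `"unverified"` label and the `max_depth` parameter (standing in for `DataflowAnalysisNodeMaxDepth`) are all constructed for illustration.

```python
from enum import Enum


class Verdict(Enum):
    TAINTED = "tainted"
    CLEAN = "clean"
    INDETERMINATE = "indeterminate"


# Constructed program model (not real Puma Scan input). Each function's return
# value is a literal, an untrusted source, the output of a cleanse method, or a
# passthrough of one or more other functions' return values.
PROGRAM = {
    "get_query_param": ("source",),
    "get_default_name": ("literal",),
    "trim": ("passthrough", "get_query_param"),
    "normalize": ("passthrough", "trim"),
    "build_filter": ("passthrough", "normalize"),
    "encode": ("cleanse", "normalize"),
    "build_label": ("passthrough", "get_default_name"),
    "build_where": ("passthrough", "get_default_name", "normalize"),
}

# (sink call site, function whose return value is passed to the sink)
SINKS = [
    ("sql_direct", "get_query_param"),
    ("sql_deep", "build_filter"),
    ("html_encoded", "encode"),
    ("sql_constant", "build_label"),
    ("sql_mixed", "build_where"),
]


def trace(func, max_depth, stats, depth=0):
    """Walk back from a sink argument to its origin, at most max_depth calls deep."""
    stats["visited"] += 1
    kind, *inputs = PROGRAM[func]
    if kind == "source":
        return Verdict.TAINTED
    if kind in ("literal", "cleanse"):
        return Verdict.CLEAN
    if depth >= max_depth:
        # Depth budget exhausted before an origin was reached: cannot decide.
        return Verdict.INDETERMINATE
    results = [trace(i, max_depth, stats, depth + 1) for i in inputs]
    if Verdict.TAINTED in results:
        return Verdict.TAINTED
    if Verdict.INDETERMINATE in results:
        return Verdict.INDETERMINATE
    return Verdict.CLEAN


def scan(max_depth=3, dataflow=True, report_indeterminate=True):
    """Return (findings, nodes_visited) for the constructed program."""
    stats = {"visited": 0}
    findings = []
    for sink, arg in SINKS:
        if not dataflow:
            # No tracing: any non-literal argument at the call site is flagged.
            stats["visited"] += 1
            if PROGRAM[arg][0] != "literal":
                findings.append((sink, "unverified"))
            continue
        verdict = trace(arg, max_depth, stats)
        if verdict is Verdict.TAINTED or (
            verdict is Verdict.INDETERMINATE and report_indeterminate
        ):
            findings.append((sink, verdict.value))
    return findings, stats["visited"]


if __name__ == "__main__":
    runs = [
        ("data flow off", dict(dataflow=False)),
        ("depth 1, report indeterminate", dict(max_depth=1)),
        ("depth 1, suppress indeterminate",
         dict(max_depth=1, report_indeterminate=False)),
        ("depth 3", dict(max_depth=3)),
    ]
    for label, kwargs in runs:
        findings, visited = scan(**kwargs)
        print(f"{label}: visited={visited} findings={findings}")
```

With data flow off, `html_encoded` and `sql_constant` are flagged even though tracing shows both are clean. At depth 1 with indeterminate results suppressed, `sql_deep` and `sql_mixed` go unreported, while depth 3 resolves both at the cost of visiting more nodes.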
Puma Scan - Pricing and Plans
Puma Scan Pricing Plans
Puma Scan offers several pricing plans and tiers, each with distinct features and benefits, to cater to different needs and scales of development projects.
Free Option: Puma Scan Professional Community Plan
- This plan is complimentary and provides basic security scanning capabilities.
- It includes standalone security analyzers that can be installed into Visual Studio, but it does not offer rule updates from the Puma Scan server.
Puma Scan Professional End User Edition
- Price: $299 per year
- Features:
  - Fewer false positives compared to the Community Plan.
  - Ability to export findings into reports (HTML, JSON, CSV).
  - Advanced features and product support.
  - Supports Visual Studio and VS Code extensions (though VS Code support is limited to .NET Core and .NET Standard projects).
  - Can be installed on up to three machines with a single license.
Server Edition
- Price: Starting at $4,999 per year
- Features:
  - Command line scanning and integration with build servers.
  - Each Server license can be used on up to 5 build agents in a single organization.
  - Additional Build Agent Bundles can be purchased in groups of 5 for $1,000.
  - Generates scan results in various formats (HTML, JSON, MSBuild, VSTest (.trx), CSV).
  - Includes five End User Licenses.
Azure DevOps Edition
- Price:
  - Azure DevOps Standard: Allows scanning in up to 20 build pipelines.
  - Azure DevOps Unlimited: Allows unlimited scanning within a single Azure DevOps organization. Pricing details for these plans are not specified but require registration and account setup.
- Features:
  - Adds a Puma Scan build task to Azure DevOps pipelines.
  - Generates scan results in various formats (HTML, JSON, MSBuild, VSTest (.trx), CSV).
  - Includes five End User Licenses.
Enterprise License
- Custom Quote: Pricing varies based on the size and needs of the enterprise.
- Features:
  - Custom training and installation guidance.
  - Flexible payment options (quarterly, bi-annual, or annual).
  - Support for as many licenses as the team or project requires.
Summary
In summary, Puma Scan offers a range of plans from a free Community Plan to more comprehensive and costly Server and Azure DevOps Editions, along with customizable Enterprise Licenses. Each plan is tailored to different scales and needs of development projects.

Puma Scan - Integration and Compatibility
Puma Scan Overview
Puma Scan, a security tool from Puma Security, is designed to integrate seamlessly with various development environments and tools, ensuring comprehensive security scanning and remediation. Here are some key points regarding its integration and compatibility:
Integration with Development Environments
Puma Scan is closely integrated with Visual Studio, allowing it to run silently as developers write code. It can be installed as a Visual Studio extension, which enables live security analysis and feedback directly within the IDE.
Continuous Integration (CI) and Continuous Deployment (CD)
Puma Scan supports integration with Continuous Integration and Continuous Deployment pipelines. It can be integrated with generic command line interfaces (CLI) and specific platforms like Azure DevOps, enabling automated security scans as part of the build process.
Platform Compatibility
Operating Systems
The Puma Scan Server Edition currently supports Windows build agents.
Mobile Platforms
Puma Scan also supports Android platforms, although the primary focus is on desktop and server environments.
Supported Programming Languages and Frameworks
Puma Scan is specifically designed to support .NET Framework (including WebForms and MVC) and .NET Core applications written in C#. It also scans configuration files (.config) and view markup files (.aspx, .cshtml).
Reporting and Export Formats
The tool exports scan results in various formats such as JSON, MSBuild, HTML, and more. This allows for easy integration with external bug tracking systems and vulnerability management systems by parsing these formats and consuming the API of the desired external system.
Customization and Automation
Puma Scan allows for the customization of vulnerability thresholds and checkers. It can be configured to analyze incremental changes to code, such as commits, patches, and pull requests. Additionally, it supports scheduling scans and provides APIs to report results in SARIF format, XML, JSON, and CSV.
User Interface and Support
Puma Scan provides a graphical user interface within Visual Studio, displaying security issues as spellcheck and compiler warnings. It also offers comprehensive documentation, including installation guides, user/operator guides, and integration guides.
Overall, Puma Scan is well-integrated with key development tools and environments, making it a valuable asset for ensuring security throughout the development lifecycle.
Puma Scan - Customer Support and Resources
Customer Support
Puma Scan offers several avenues for customer support:
- You can contact the Puma Scan team for more information or to inquire about specific options, such as custom quotes for Enterprise Licenses or reseller discounts. They are open to discussing your needs and providing guidance.
- For general inquiries or issues, you can reach out to the Puma Scan team directly, although specific contact details like email or phone numbers are not provided on the Puma Scan website. However, the broader Puma Security resources suggest a proactive approach to customer engagement.
Additional Resources
Documentation and Guides
Puma Scan provides comprehensive documentation and guides to help users get started and make the most out of the tool. The GitHub Wiki for Puma Scan includes installation instructions and detailed documentation for the Community Edition.
Community Engagement
The Puma Scan Community Edition encourages community involvement. Users can contribute by building their own security rules and submitting them back to the community. There is also a blog on building your own security analyzer, which can be a valuable resource for developers looking to engage more deeply with the tool.
Training and Installation Guidance
For Enterprise Licenses, Puma Scan offers custom training and installation guidance. This can include online training or face-to-face training in your work environment, ensuring that your team is well-equipped to use the tool effectively.
Integration with Development Tools
Puma Scan integrates seamlessly with Visual Studio, providing real-time source code analysis as developers write code. This integration includes full solution analysis and the ability to run security rules from a Build Server as part of a Continuous Integration (CI) process. Detailed instructions on how to set this up are available, ensuring that users can implement the tool smoothly into their development workflow.
Licensing and Subscription
Puma Scan operates on an annual subscription model, which includes software updates, rule updates, and product support. The Professional End User edition offers advanced features like the ability to export findings into a report and reduced false positives. The licensing model allows for flexibility, with options to activate the scanner on up to three machines per license.
By leveraging these resources, users of Puma Scan can ensure they are well-supported and equipped to maximize the benefits of this security analysis tool.
Puma Scan - Pros and Cons
Advantages of Puma Scan
- Real-Time Analysis: One of the significant advantages of Puma Scan is its ability to provide real-time, continuous source code analysis as developers write code. This feature allows vulnerabilities to be immediately displayed in the development environment, much like spell check and compiler warnings, preventing security bugs from entering the application.
- Integration and Compatibility: Puma Scan seamlessly integrates with various development environments, including Visual Studio, VS Code, Continuous Integration (CI), and Azure DevOps pipelines. This integration enables security teams to generate vulnerability reports and enforce security requirements efficiently.
- Comprehensive Security Features: The tool offers a wide range of security features, including detection for Cross Site Scripting (XSS), SQL Injection, Command Injection, Path Traversal, Insecure Deserialization, and many more. This comprehensive coverage helps in identifying and mitigating a broad spectrum of potential security threats.
- Cost-Effective: Puma Scan is priced competitively, with the End User license starting at $299 per year, allowing developers to scan as many projects as needed. The Server Edition, while more expensive, offers significant value with its ability to integrate with build servers and support multiple build agents.
- Reporting and Sharing: The tool provides advanced reporting functionality, allowing teams to share results with managers, compliance teams, and other executives. Reports can be exported in various formats such as HTML, JSON, CSV, and more, making it easy to view, parse, and prioritize scan results.
- Community and Support: Puma Scan has a Community Edition that is open-source and licensed under the Mozilla Public License (MPL) version 2.0, encouraging contributions from the security community. Additionally, professional support options are available, including phone support and customizable professional services.
Disadvantages of Puma Scan
- Limited Platform Support: While Puma Scan supports C# in both .NET Framework and .NET Core, it does not support legacy Web Site projects or cross-platform code editors like VSCode at this time.
- False Positives in Community Edition: The Community Edition of Puma Scan may have more false positives compared to the Professional End User Edition, which has been optimized to reduce false positives.
- Scalability for Large Projects: For very large monolith applications, the scan times can be significant, ranging between 10 to 20 minutes. This could be a consideration for teams working on extensive projects.
- Cost for Enterprise Solutions: While the End User license is reasonably priced, the Server Edition and additional build agent bundles can be expensive, starting at $4,999 and $1,000 respectively. This might be a barrier for smaller organizations or those with limited budgets.
In summary, Puma Scan offers significant advantages in real-time security analysis, integration, and comprehensive security features, but it also has some limitations in terms of platform support, false positives in the Community Edition, and the cost for enterprise solutions.
Puma Scan - Comparison with Competitors
Unique Features of Puma Scan
Puma Scan is a robust security tool that integrates seamlessly with development environments, offering real-time vulnerability detection and remediation. Here are some of its unique features:
- Comprehensive Vulnerability Detection: Puma Scan detects a wide range of vulnerabilities, including Cross Site Scripting (XSS), SQL Injection, Command Injection, Path Traversal, and more.
- Integration with Development Environments: It supports continuous integration and can be configured to scan code in various modes, including near real-time analysis within Visual Studio.
- Custom Configuration: Users can customize default scanner settings, rule options, custom tainted sources, and custom cleanse methods to optimize performance and accuracy.
Alternatives and Competitors
TrustInSoft Analyzer
- Formal Methods: TrustInSoft Analyzer uses mathematical approaches to guarantee the absence of defects and security flaws in C and C++ code. It is recognized by NIST and offers exhaustive analysis with no false positives.
- Compliance and Verification: It reduces verification costs and efforts in bug detection significantly, providing irrefutable proof of software safety and security.
Parasoft C/C++test
- Unified Testing Solution: Parasoft offers a unified solution for static analysis, unit testing, and structural code coverage, helping to satisfy industry functional safety and security requirements.
- Automated Testing: It is particularly strong in automated testing for embedded software systems.
Snyk
- Developer-First Security: Snyk focuses on securing applications from code to cloud, integrating with developers’ workflows to enhance productivity and security posture. It automatically scans code for vulnerabilities and provides remediation advice.
- Compliance and Integration: Snyk supports compliance with various security standards and integrates well with DevOps tools.
Kiuwan
- DevOps Integration: Kiuwan integrates into CI/CD pipelines to automate code security scanning. It covers a wide range of languages and complies with strict security standards like OWASP and CWE.
- Quick Vulnerability Detection: Kiuwan offers quick setup and fast scanning, making it efficient for teams of all sizes.
Qwiet AI
- Speed and Accuracy: Qwiet AI boasts 40X faster scan speeds and the highest OWASP benchmark score, making it highly accurate and efficient. It identifies vulnerabilities unique to the codebase and supports compliance with various regulations.
- Developer-Centric: Qwiet AI streamlines security processes to enhance both security and developer productivity.
Other Notable Alternatives
ZeroPath
- AI-Powered Scanning: ZeroPath uses AI to identify and fix issues like broken authentications, logic bugs, and outdated dependencies. It is easy to set up and integrates with CI/CD pipelines.
- Low False Positives: ZeroPath reports fewer false positives and finds more bugs than comparable tools.
CodeAnt AI
- Code Quality and Security: CodeAnt AI detects code quality issues, antipatterns, and vulnerabilities, and can automatically fix them. It supports over 30 languages and scans against multiple security policies.
- Code Health Dashboard: It provides instant visibility into code health and generates weekly executive reports.

Puma Scan - Frequently Asked Questions
Here are some frequently asked questions about Puma Scan, along with detailed responses to each:
What is Puma Scan and what does it do?
Puma Scan is a security tool that integrates with development environments to provide real-time vulnerability detection and remediation. It supports continuous integration, ensuring secure code practices and protecting applications from potential threats throughout the development lifecycle.
What types of vulnerabilities can Puma Scan detect?
Puma Scan can detect a wide range of vulnerabilities, including:
- Cross Site Scripting (XSS)
- SQL Injection
- Command Injection
- Path Traversal
- Insecure Deserialization
- Sensitive Data Exposure
- Insecure Cryptographic Storage
- Insecure Communication
- Security Misconfiguration
- Broken Authentication
- Broken Access Control
- Cross Site Request Forgery (CSRF)
- XML External Entity (XXE)
- Insecure Direct Object References (IDOR)
- Remote Code Execution
- File Inclusion Vulnerability
- Hardcoded Credentials
- Weak Password Policy
- Unvalidated Redirects And Forwards
- Improper Error Handling
What platforms and IDEs does Puma Scan support?
Puma Scan supports various platforms, including Windows, and integrates with several Integrated Development Environments (IDEs) such as:
- Visual Studio (2019 and 2022)
- Visual Studio Code (cross-platform for Windows, Mac OS, and Linux)
- Azure DevOps
However, cross-platform support for Mac OS and Linux is not available for the Server Edition.
What are the different editions of Puma Scan and their pricing?
Puma Scan offers several editions:
- Professional Community Plan: Free, but with limited features.
- Professional End User Edition: $299 per year, includes enhanced features, fewer false positives, and support options. It can be installed on up to three machines.
- Server Edition: Starting at $4,999 per year, allows command line scanning and integration with build servers. Each license can be used on up to five build agents.
- Azure DevOps Edition: Allows scanning within Azure DevOps pipelines, with Standard and Unlimited licenses available.
How does Puma Scan integrate with build pipelines?
Puma Scan can integrate with build pipelines through its Server Edition and Azure DevOps Edition. The Server Edition provides a command line interface for executing security analyzers, and the Azure DevOps Edition adds a Puma Scan build task to Azure DevOps pipelines. This integration ensures that security scans are executed automatically as part of the build process.
What formats are available for exporting Puma Scan results?
Puma Scan results can be exported in several formats, including:
- HTML
- JSON
- CSV
- MSBuild
- VSTest (.trx)
These formats allow for easy viewing, custom parsing, and integration with other vulnerability management systems.
How long does a Puma Scan take to complete?
The scan time depends on the size and scope of the project. Smaller projects can see results in under a minute, moderately sized projects may take a few minutes, and large monolith applications can take between 10 and 20 minutes.
What kind of customer support does Puma Scan offer?
Puma Scan provides customer support via phone. Additionally, they offer virtual or in-person training packages for support, which can be customized based on the needs of the user or organization.
Can Puma Scan be used on multiple machines with a single license?
Yes, the End User Edition license can be installed on up to three machines. Licenses are activated using machine-specific characteristics, including operating system and hardware identifiers, and are stored in the user’s roaming profile directory.
Does Puma Scan support scan history?
No, Puma Scan does not currently support scan history. The responsibility for archiving scan results falls to the Continuous Integration server or the DevOps teams, who can store the results in vulnerability management systems.
