Puma Scan - Short Review

Developer Tools

Puma Scan is a comprehensive security analysis tool designed to help development teams identify and mitigate vulnerabilities in their .NET C# code. Here is a detailed overview of what the product does and its key features:

Purpose

Puma Scan is intended to integrate into the development lifecycle, particularly within build pipelines, to scan source code for potential security vulnerabilities. This ensures that security issues are addressed early in the development process, reducing the risk of exploits and improving the overall security posture of the application.

Key Features
Vulnerability Scanning

Puma Scan uses advanced security analyzers to scan .NET C# code for known and potential vulnerabilities. This includes scanning for common web application vulnerabilities such as SQL injection, cross-site scripting (XSS), and more.

Integration with Development Tools

The tool integrates with popular development environments such as Visual Studio Code (VS Code). Scans can be started manually from the Command Palette, or run automatically whenever a source file is saved.

Scanning Modes

Puma Scan supports two scanning modes:
  • On Demand: Allows manual scanning of the source code using the Command Palette.
  • On Save: Automatically scans the source code and displays results in the Problems window after saving a document.
Reporting and Export

Scan results are displayed in the VS Code Problems window, and users can export these results to various formats such as HTML, JSON, or CSV. This facilitates easy tracking and reporting of vulnerabilities.

Configuration and Customization

The tool includes a `Settings.json` file for configuring how Puma Scan runs. Additionally, a `.pumafile` is generated in the application’s root directory during the first code scan, allowing for further customization of scan settings.

Licensing and Scalability

Puma Scan offers a Server Edition license that can be activated on up to five build agents, with the option to purchase additional agents in packages of five. This makes it scalable for large development teams and continuous integration/continuous deployment (CI/CD) pipelines.

Threshold Settings

Users can set a threshold for the allowable number of high-risk results before the build task fails, ensuring that critical vulnerabilities are addressed promptly.

Verbose Output

The tool provides an option for verbose output to the console when the build task runs, which can be useful for detailed debugging and analysis.

By integrating these features, Puma Scan helps development teams maintain secure coding practices, identify vulnerabilities early, and ensure the delivery of secure software applications.