The Puma Scan open source project is where it all started. View our GitHub repository to fork, customize, and contribute.
FREE
The Puma Scan Professional End User Edition allows developers to run Puma Scan with a Visual Studio extension. This edition includes enhanced features, fewer false positives and support options. The End User license is valid for one year and renewed annually.
$299.00
The Server Edition allows command line scanning and integration with your build server without the overhead of Visual Studio. Each Server license may be used on up to 5 build agents in a single organization. Build Agent Bundles can be purchased in groups of 5.
Plans starting at $4,999
Additional Build Agent Bundles are $1,000
Annual Renewal
The Azure DevOps Extension adds a Puma Scan build task to your Azure DevOps pipelines. Azure DevOps Standard licenses allow scanning in up to 20 build pipelines. Azure DevOps Unlimited licenses allow unlimited scanning within a single organization.
Our professional services include: Cloud Security, Secure DevOps, Secure Code Reviews, Vulnerability Assessments and Remediation.
The End User extension is a Visual Studio extension and scans C# in both the .NET Framework and .NET Core. Cross-platform code editors (e.g. VSCode) are not yet supported. Puma Scan supports .NET Web Forms, .NET MVC and C# projects. Legacy website projects are not supported.
To confirm that Puma Scan is installed correctly, clone our sample Puma Prey repository and verify that you receive diagnostic warnings in that solution.
Install only the Visual Studio Extension OR the NuGet package. Don't use both at the same time or Roslyn gets angry. This will only happen in the Community Edition.
The community edition rulesets are standalone security analyzers that are installed into Visual Studio. There is no communication back to the Puma Scan server to obtain rule updates at this time. We deliver rule updates and changes via patches and updates to the extension.
Yes, this is very important. See the installation instructions for more details.
The End User Edition offers several options for exporting the Puma Scan results.
- HTML for easily viewing Puma Scan results. See our Sample HTML Report for an example.
- JSON formatting allows custom parsing with tools such as JQ. See our Sample JSON Schema for an example.
- CSV allows developers to easily sort and prioritize the scan results.
Our pricing model is based on an annual subscription. We are happy to discuss and quote a perpetual option. Each year a license file will be available to activate the scanner. The annual subscription includes software updates, rule updates and product support.
One end-user license will be provided on the End User plan. The scanner can be installed on up to three machines with the purchase of one End User license.
While the Puma Scan Professional Community plan is complimentary, the Puma Scan Professional End User edition has fewer false positives, the ability to export findings into a report, more advanced features and product support.
A single license can be activated on up to three workstations. Workstations are activated using machine specific characteristics, including operating system and hardware identifiers. Licenses are installed in the user’s roaming profile directory. There won’t be issues with multiple licenses on a single machine belonging to different users.
Puma Scan supports C# in both the .NET Framework and .NET Core for .NET Web Forms, .NET MVC, and C# projects. Legacy Web Site projects are not supported. Cross-platform code editors (e.g. VSCode) are not yet supported.
Great news! You're interested in secure coding from your on-premise or cloud build servers. Purchase, installation and configuration steps are super simple and you'll be up and running in no time.
1. Register an Account in our Customer Portal.
2. Follow the prompts directing you to the license purchase options.
3. Select the product you are interested in purchasing.
4. Select payment by invoice or credit card.
Follow the installation steps and user guide, and check out the library of documented rules and vulnerabilities.
Five End User licenses, which are used as an extension in Visual Studio, are included with each Server and Azure DevOps Edition.
A unique feature of our products is that everything can be purchased on an individual basis and is not required to be part of any package.
The Server Edition generates Puma Scan results in several formats. HTML for easily viewing Puma Scan results. JSON formatting allows custom parsing with tools such as JQ and integration with other vulnerability management systems. MSBuild formatting allows pipelines to process the results and record vulnerabilities as build warnings or errors. Visual Studio Online (VSO) allows Puma Scan results to be added to the build warnings or errors when running as a VSTS build task. Other formats include VSTest (.trx) and Comma Separated Values (CSV).
Make sure to check out our Sample HTML Report. This shows the overall report format you'll see as you export your results.
It depends on the size and scope of the project. Smaller projects will see scan results in under a minute. Moderately sized projects may take a few minutes. Large monolith applications (e.g. > 50 projects in a single solution) have seen scan times between 10 and 20 minutes.
As soon as you commit your code, your build pipeline will kick off. Your build pipeline definition should contain the Puma Scan task to start the code scan.
This is the responsibility of your build pipeline. Each build should archive the artifacts (including the Puma Scan report data), allowing you to see the history and trending.
Absolutely! We offer Professional Services support for teams looking for additional guidance or personalization as they get their security scanning tools in place. This can be done both virtually and on-site at your location. Please Contact Us for a professional services quote.
Puma Scan supports C# in both the .NET Framework and .NET Core for .NET Web Forms, .NET MVC, and C# projects. Legacy Web Site projects are not supported. Cross-platform code editors (e.g. VSCode) are not yet supported.
The Puma Scan team would be happy to guide your efforts to ensure security is part of the integration, rather than an afterthought. We'd love to talk with you. Contact Us.
Absolutely. Puma Scan was designed with developers, security teams and operations teams in mind to execute scans quietly and allow for vulnerabilities to be easily detected and corrected.
We'd love to talk with you. Contact Us.
We offer flexible payment options including quarterly, bi-annual or annual. Our team will work with you on a custom quote and payment agreement for our professional services.
Contact Us to inquire about reseller discounts.