Puma Scan Pricing

End User licenses can be installed on up to three (3) workstations owned by a single named user.

Run Puma Scan on your build server, with the option to add individual End User licenses.

A team of experts to help build a secure culture in your organization.

COMMUNITY

The Puma Scan open source project is where it all started. View our GitHub repository to fork, customize, and contribute.


FREE

END USER

The Puma Scan Professional End User Edition allows developers to run Puma Scan with a Visual Studio extension. This edition includes enhanced features, fewer false positives and support options. The End User license is valid for one year and renewed annually.


$299.00

The Puma Scan Professional End User Edition includes many advanced features:

  • Advanced Data Flow Analysis
  • Fewer False Positives
  • Vulnerability Reporting
  • Email Support
  • Configurable Rule Options
  • Tainted Source Configuration
  • Cleanse Method Configuration
  • Scheduled Telephone Support

SERVER

The Server Edition allows command line scanning and integration with your build server without the overhead of Visual Studio. Each Server license may be used on up to 5 build agents in a single organization. Build Agent Bundles can be purchased in groups of 5.



Plans starting at $4,999
Additional Build Agent Bundles are $1,000
Annual Renewal

AZURE DEVOPS

The Azure DevOps Extension adds a Puma Scan build task to your Azure DevOps pipelines. Azure DevOps Standard licenses allow scanning in up to 20 build pipelines. Azure DevOps Unlimited licenses allow unlimited scanning within a single organization.



Azure DevOps Standard - $5,999
Azure DevOps Unlimited - $10,999
Annual Renewal

Benefits of the Puma Scan Pro
Continuous Integration Tools

  • Command Line Scanner
  • Automated Security Scanning
  • Vulnerability Reporting
  • Enforce Security Requirements
  • Azure DevOps Cloud Based Security
  • Self Service Security Solutions
  • Build Server Integration
  • Build Failure Thresholds
  • Runs Without Visual Studio
  • Professional Services Support
  • Both CI options include 5 End User Licenses for use in Visual Studio
  • Created by and for .NET Security Engineers and Developers

Professional

Our professional services include; Cloud Security, Secure DevOps, Secure Code Reviews, Vulnerability Assessments and Remediation.

Team of experts to help build a secure development culture:

  • Protect Data in the Cloud
  • Dev, Ops and Sec work in tandem
  • Customized Product Training
  • Dedicated Support Engineers
  • Identify and Resolve Vulnerabilities
  • Take the guess-work out of remediation
Want to collect more data? Check out our Server Data Plans.

 

Frequently asked questions:

What languages and frameworks does Puma Scan support?

The End User extension is a Visual Studio extension and scans C# in both the .NET Framework and .NET Core. Cross-platform code editors (e.g. VSCode) are not yet supported. Puma Scan supports .NET Web Forms, .NET MVC and C# projects. Legacy website projects are not supported.

How do I install Puma Scan and ensure it's working on my machine?

To confirm that Puma Scan is installed correctly, can you clone our sample Puma Prey repository and verify that you are receiving diagnostic warnings in that solution.

The Community Edition has both a Visual Studio Extension and a Nuget package. Do I install both?

Install only the Visual Studio Extension OR the NuGet package. Don't use both at the same time or Roslyn gets angry. This will only happen in the Community Edition.

Is the plugin a standalone ruleset?

The community edition rulesets are standalone security analyzers that are installed into Visual Studio. There is no communication back to the Puma Scan server to obtain rule updates at this time. We deliver rule updates and changes via patches and updates to the extension.

Do I have to enable full solution analysis in Visual Studio?

Yes, this is very important. See the installation instructions for more details.

What export formats does the End User Edition support?

IS IT A ONE TIME COST OR AN ANNUAL SUBSCRIPTION?

Our pricing model is based on an annual subscription. We are happy to discuss and quote a perpetual option. Each year a license file will be available to activate the scanner. The annual subscription includes software updates, rule updates and product support.

HOW MANY LICENSES DO I RECEIVE?

One end-user license will be provided on the End User plan. The scanner can be installed on up to three machines with the purchase of one End User license.

WHAT'S THE DIFFERENCE BETWEEN THE PUMA SCAN PROFESSIONAL END USER PLAN AND THE COMMUNITY PLAN?

While the Puma Scan Professional Community plan is complimentary, the Puma Scan Professional End User edition has fewer false positives, the ability to export findings into a report, more advanced features and product support.

HOW ARE THE THREE MACHINES IDENTIFIED FOR THE END USER LICENSE?

A single license can be activated on up to three workstations. Workstations are activated using machine specific characteristics, including operating system and hardware identifiers. Licenses are installed in the user’s roaming profile directory. There won’t be issues with multiple licenses on a single machine belonging to different users.

What languages and frameworks does Puma Scan support?

Puma Scan supports C# in both the .NET Framework and .NET Core for .NET Web Forms, .NET MVC, and C# projects. Legacy Web Site projects are not supported. Cross-platform code editors (e.g. VSCode) are not yet supported.

How many End User Licenses does the Server Edition include?

Five End User Licenses that are used as an extension in Visual Studio are included with each Server and Azure DevOps Editions.

A unique feature with our products is that everything can be purchased on an individual basis and are not required to be part of any package.

What export formats does the Server Edition support?

The Server Edition generates Puma Scan results in several formats. HTML for easily viewing Puma Scan results. JSON formatting allows custom parsing with tools such as JQ and integration with other vulnerability management systems. MSBuild formatting allows pipelines to processes the results and record vulnerabilities as build warnings or errors. Visual Studio Online (VSO) allows Puma Scan results to be added to the build warnings or errors when running as a VSTS build task. Other formats include VSTest (.trx) and Comma Separated Values (CSV).

Make sure to check out our Sample HTML Report. This shows the overall report format you'll see as you export your results.

How long does a typical scan take for the Server Edition?

It depends on the size and scope of the project. Smaller projects will see scan results in under a minute. Moderately sized projects may take a few minutes. Large monolith applications (e.g. > 50 projects in a single solution) have seen scan times between 10 and 20 minutes.

When does the scan start?

As soon as you commit your code, your build pipeline will kick off. Your build pipeline definition should contain the Puma Scan task to start the code scan.

Does the tool keep track of project history?

This is the responsibly of your build pipeline. Each build should archive the artifacts (including the Puma Scan report data), allowing you to see the history and trending.

What languages and frameworks does Puma Scan support?

Puma Scan supports C# in both the .NET Framework and .NET Core for .NET Web Forms, .NET MVC, and C# projects. Legacy Web Site projects are not supported. Cross-platform code editors (e.g. VSCode) are not yet supported.

My team is migrating to the cloud. Now what?

The Puma Scan team would be happy to guide your efforts to ensure security is part of the integration, rather than an afterthought. We'd love to talk with you, Contact Us.

Will Puma Scan integrate with my cloud and devops practices?

Absolutely. Puma Scan was designed with developers, security teams and operations teams in mind to execute scans quietly and allow for vulnerabilities to be easily detected and corrected.

How do I build Continuous Integration between my development tools, security scanners and vulnerability management systems?

We'd love to talk with you, Contact Us

How does payment work?

We offer flexible payment options including quarterly, bi-annual or annual. Our team will work with you on a custom quote and payment agreement for our professional services.

Do you offer reseller discounts?

Contact Us to inquire about reseller discounts.