blog
What is a Puma Scan? How is it different than other static scanners? A beginners guide to Puma Scan and how it can help you create and understand how to code securely in your .NET applications.
Puma Scan is a software security Visual Studio analyzer extension providing real time, continuous C# source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications. There are several different versions of the scanner for developers and teams.
It was important for me to understand why and how Puma Scan was different from other scanners out there. Actually, just understanding the concept of the product was new to me. I dove in and tried to make sense of the tool and why anyone would be interested in this for their projects and .NET applications. Three ways I found Puma Scan to be different.
Instant Results - The biggest difference that I found with Puma Scan compared to other End User scanning tools in the market was that this tool worked like a spellchecker, meaning it was constantly popping up security displays as I watched developers code (obviously, not me, the sales and marketing person).
Cost - I also found the price point to be much more appealing, with the End User license starting at $299 as an annual subscription.
Sharing Results - Now that the End User reporting function is available, I believe that teams will love the ability to share their results with managers, compliance teams, and other executives.
The professional End User license has so many features developers have found appealing in the scanner. For $299 per year, you can scan as many projects as you need.
Some of the really exciting features include; Advanced Data Fow Analysis, Reporting Functionality, Advanced Taint Analysis, Rule Configuration and so much more.
There seems to be so much energy and focus on how to integrate security into DevOps these days, and not just for a one-off project where you run your scan at the end, but in all phases of the development lifecycle. The server edition of Puma Scan is perfect for this, as you can have one server that comes with 5 licenses, with the ability to purchase build agent servers and more end user licenses on top of this.
Think grand scale server edition.