Secure Your Code at the Source With Puma Scan


Puma Scan is a software security analyzer that provides real-time, continuous source code analysis for C# applications. With Puma Scan, vulnerabilities are displayed immediately in the development environment and appear as spell check and compiler warnings.

Puma Scan also runs on continuous integration servers such as Jenkins, Azure DevOps, and TeamCity. Code analysis runs locally on the build server with no need to upload code to a third-party cloud scanning service. Our lightweight, cost-efficient option offers fast feedback to help you deliver secure products to your customers.


Scans Code

With Puma Scan, you work and code as normal, while the integrated Puma Scan security rules silently search for security vulnerabilities and alert you if any are found. This applies on your build servers, in Azure DevOps pipelines, or in Visual Studio.

Identifies Security Vulnerabilities

Security analyzers run on code files as the compiler parses syntax nodes, trees, symbols, code blocks, or semantic models. Visual Studio tags each identified vulnerability at its location in the source code.

Secure Coding Fixes

55+ documented vulnerabilities to reference, with common secure fixes for them. Rule categories include: Configuration, Cross-Site Scripting, Cryptography, Insecure Deserialization, Injection, Password Management, and Validation.

Puma Scan Professional Editions

End User Edition

Visual Studio extension for individual software engineers. Puma Scan Professional offers 55+ security rules, fewer false positives, configurable rules, and vulnerability reporting to catch vulnerabilities as developers write code.

Server Edition

Performs secure code analysis outside of Visual Studio. The Server Edition can be executed from the command line on continuous integration servers. Includes the ability to export vulnerability reports and stop the build pipeline if high risks are identified.

Azure DevOps Edition

The Azure DevOps extension integrates directly into Azure DevOps Build and Release Pipelines. Install the Puma Scan build task into your organization's build pipelines to perform secure code analysis, generate vulnerability reports, and stop the build pipeline if high risks are identified.

Download a Trial Today! 30-Day Trial


Our backgrounds guided us to where we are today. From our start with secure coding in .NET, to nearly 30 combined years in the developer and security community, we understand the importance of including security measures through all parts of the SDLC and DevOps processes.

Eric Johnson

Principal Security Engineer

Eric's extensive experience includes application security automation, cloud security reviews, static source code analysis, penetration testing, SDLC consulting, and secure code review assessments.

Eric Mead

Principal Security Engineer

Eric has 15+ years in software development. His primary focus is the .NET framework; however, Eric has a considerable amount of experience in front-end frameworks such as Angular and React.

Brooke Johnson

Managing Director - Client Engagement

Brooke is responsible for driving business development and the continuous improvement of client experience. Prior to this role, she worked at Caesars Entertainment for over 11 years.