Real Time Software Security

Puma Scan is a software security Visual Studio analyzer extension providing real-time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell-check and compiler warnings, preventing security bugs from entering your applications.


Secure Your Code At The Source

Code the way you usually do, and the integrated Puma security rules will silently search for security vulnerabilities and alert you when it finds one. Depending on the source of the vulnerability, Visual Studio will display potential security-specific diagnostics in two different locations.

Code Analysis Warnings

Code file rules run on code files (.cs or .vb) as syntax nodes, syntax trees, symbols, code blocks, or semantic models are parsed by the Roslyn compiler. Identified vulnerabilities are tagged at the source code location by Visual Studio with spell-check-style squiggles, as shown below:

Error List Warnings

The Visual Studio Error List displays diagnostic warnings raised by the Roslyn rules described above, as well as additional issues identified in non-code files (e.g. .config, .cshtml, .aspx, .js, etc.). The following example shows an additional vulnerability identified in a configuration file:

Puma Scan Presentation

Want to see the Puma go hunting for vulnerabilities? Watch Puma Scan's project lead, Eric Johnson, discuss and demonstrate Puma Scan:

OWASP AppSecUSA 2016: Continuous Integration: Live Static Analysis with Visual Studio and the Roslyn API
BSides Iowa 2017: Secure DevOps: A Puma's Tail
