NAV Navbar
Logo pro

Professional Edition

The following instructions will get your development teams up and running with the Puma Scan Professional Edition. In less than 15 minutes, the Puma’s static analysis rules can be running as code is written within your organization.

Release Notes


Version 0.7 is a minor release with the following improvements:


Version 0.6 is a minor release to fix the following items:

Version 0.5.2 is a patch release to fix the following items:

Known issue(s)


Version 0.5.2 is a patch release to fix the following items:

Known issue(s)


Version 0.5.1 is a patch release to fix the following items:


Version 0.5 is the first official professional beta release and includes the following advanced features:

See the Rules Documentation for details on the current rule support.


Visual Studio

# Chocolatey powershell command to install VS 2015Community edition
choco install visualstudio2015community

# Chocolatey powershell command to updgrate to VS 2015 Community edition
choco upgrade visualstudio2015community

Roslyn code analyzer extensions are supported by Visual Studio 2015 and higher. Either install Visual Studio Community or a licensed version from your MSDN Subscription account.

Alternatively, PC’s configured with the Chocolatey can install the Visual Studio Community package.


Visual Studio Extension

The Puma Scan Professional Visual Studio Extension installs the security rules in a single instance of Visual Studio on a users local workstation. A single user license is allowed to be installed on up to three (3) workstations owned by an individual.

To install the Visual Studio extension, open the Tools menu and select the Extensions and Updates… menu item. In the Online > Visual Studio Marketplace, search for “Puma Scan Professional” and download the extension.

License File

The Settings.json file identifies the directory that contains the license file.

  "GeneralSettings": {
    "LicenseFileDirectory": "C:\\Users\\Bobby\\Licenses"

Upon purchasing Puma Scan Professional, you will receive a license file to install on a workstation (for user licenses) or server (for CI licenses) running the security rules.

To install the license file, save the file into the default data directory:


Or, modify the Settings.json file located in the settings directory above. Change the GeneralSettings:LicenseFileDirectory property to the directory containing your license file. NOTE: The backslash must be escaped in the path (eg. \ instead of \).

See the Configuration Documentation for the full documentation.

Full Solution Analysis

Figure 1: Enabling full solution analysis

Starting with Visual Studio 2015 Update 3, live code analysis in the IDE disabled by default to improve performance. For the rules to execute against your code, do the following. See Figure 1 for details.

Additional File Analysis

The following XML snippet shows an example project file’s main “PropertyGroup” with the required “AdditionalFileItemNames” element adding all content files for analysis.

<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="">
  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
    <IISExpressAnonymousAuthentication />
    <IISExpressWindowsAuthentication />
    <IISExpressUseClassicPipelineMode />
    <TargetFrameworkProfile />

Puma’s non-code file analyzers (e.g. configuration and view markup files) rely on Roslyn’s additional files feature, which is not currently enabled by default. To enable additional file analysis, you must manually edit each project file (.csproj and .vbproj) and add a new “AdditionalFileItemNames” element to the project’s main “PropertyGroup”. See the associated code examples for details.

Currently, Puma creates an Information diagnostic alerting users about any project files that do not have additional file analysis enabled.

After enabling the non-code file analyzers, you will notice there are still some limitations for analysis in non-code files:

More details on enhancing Roslyn and Visual Studio to treat non-code files as first class citizens can be found here: