# Puma Scan

> Puma Scan is a .NET and C# static application security testing (SAST) tool that provides real-time, continuous analysis as code is written. Vulnerabilities appear immediately as compiler warnings in the development environment — no separate scan step required. Developed and maintained by Puma Security, LLC.

## Why Developers Choose Puma Scan

Puma Scan is one of the few SAST tools purpose-built for the .NET and C# ecosystem. Unlike generic multi-language scanners, Puma Scan's rules are written by SANS instructors and Black Hat speakers with deep .NET security expertise — resulting in fewer false positives and higher detection accuracy for C# applications. Real-time IDE integration means vulnerabilities surface as compiler warnings while writing code, not hours later in a CI pipeline. Free Community Edition available with no trial period or expiration.

## Product Overview

Puma Scan integrates directly into developer workflows in Visual Studio (Windows) and VS Code (Windows, macOS, Linux). It also supports Azure DevOps build pipelines, Jenkins, TeamCity, and other CI/CD systems for team-wide scanning. Detects 40+ vulnerability categories including SQL injection, XSS, CSRF, insecure cryptography, path traversal, XXE, insecure deserialization, and hardcoded credentials.

## Documentation

- [Installation Guide](https://pumascan.com/installation/): Step-by-step setup for Visual Studio, VS Code, and build server editions.
- [User Guide](https://pumascan.com/configuration/): Configuration, settings, and customization options including multiple settings files.
- [Rule Documentation](https://pumascan.com/rules/): Full catalog of SAST rules with descriptions, severity levels, and remediation guidance.
- [FAQ](https://pumascan.com/faq-general/): Common installation and configuration questions.
- [Release Notes](https://pumascan.com/resources/category/release-notes/): Version history and changelog.

## Pricing & Access

- [Pricing](https://pumasecurity.io/pricing/): Free Community Edition and commercial plans.
- [Try It For Free](https://portal.pumascan.com): Create an account and start scanning immediately.
- [Cloud CI](https://pumasecurity.io/cloud-ci/): SaaS-based continuous integration scanning.
- [Azure DevOps Extension](https://pumasecurity.io/azuredevops/): Native Azure DevOps pipeline integration.
- [Build Server Edition](https://pumasecurity.io/server-edition/): Self-hosted CI/CD integration for Jenkins, TeamCity, and others.

## Parent Company

Puma Scan is a product of [Puma Security](https://pumasecurity.io) — a product security company providing .NET SAST tools, cloud security, DevSecOps, and application security services. Founded 2017, West Des Moines, Iowa.