Question 1

How do I install Puma Scan in Visual Studio?

Accepted Answer

Installation instructions are provided on the GitHub Wiki, typically involving downloading from the Visual Studio Marketplace or following setup steps outlined in the documentation for seamless integration.

Question 2

Puma Scan vs SonarQube for .NET security?

Accepted Answer

Puma Scan focuses on real-time, in-IDE analysis within Visual Studio for immediate feedback, while SonarQube is a broader SAST tool for CI/CD pipelines with more extensive reporting. Choose Puma Scan for developer-centric workflows and SonarQube for comprehensive pipeline integration.

Question 3

Does Puma Scan support .NET Core and .NET 5+?

Accepted Answer

Yes, Puma Scan is designed for .NET applications, including .NET Core and newer versions, as it integrates with Visual Studio's build system to provide real-time and compile-time analysis across modern .NET frameworks.

Question 4

How to create custom security rules in Puma Scan?

Accepted Answer

You can build custom rules by following the blog post on 'Building Your Own Security Analyzer' linked in the README, which guides you through the rule engine and contribution process to tailor security checks.

Question 5

Is Puma Scan free for commercial use?

Accepted Answer

Yes, the Community Edition is licensed under the Mozilla Public License 2.0, allowing commercial use, but review the license for terms on modifications and distribution to ensure compliance.

Question 6

Can Puma Scan detect SQL injection vulnerabilities?

Accepted Answer

Yes, as a secure code analysis tool, Puma Scan identifies common vulnerabilities like SQL injection based on its built-in rule set, and you can extend detection with custom rules for specific project needs.

Puma Scan

What is Puma Scan?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions