Puma Scan Professional Azure DevOps Extension

Puma Scan analyzes your source code for vulnerabilities identified in the OWASP Top 10, SANS/CWE Top 25, and other common insecure coding patterns as you write code in Visual Studio. The current vulnerability categories covered by Puma Scan include: Insecure Application Configuration, SQL Injection, LDAP Injection, Command Injection, Path Tampering, Weak Password Configuration, Unvalidated Redirects, Cross-Site Scripting, Cross-Site Request Forgery, Weak Input Validation, Insecure Cryptography, Insecure Object Deserialization, Broken Authentication, Broken Access Control, Server-side Request Forgery, and Poor Secrets Management.

The Puma Scan Professional Azure DevOps Extension enables the following features in an Azure Build Pipeline:

Security analyzers run on application source code during each build
Export vulnerability data to HTML, JSON, MSBuild, and MSTest formatted reports
Download vulnerability reports from the build's artifacts
Parse and display Puma Scan vulnerabilities as Unit Test results
View the number of Puma Scan vulnerabilities by severity on the build summary screen
View the Puma Scan vulnerability details on the Puma Scan Pro screen.

Installation Instructions

Please view the Puma Scan Azure DevOps Installation Guide for purchasing and step-by-step activation instructions.

Puma Scan Summary and Details

View the build pipeline Summary tab to view the artifacts, warnings, and Puma Scan Pro summary.
View the build pipeline Puma Scan Pro tab to view the detailed scan results.
Download the Puma Scan vulnerability reports using the build Artifacts