Puma Scan Professional

Puma Scan analyzes your source code for vulnerabilities identified in the OWASP Top 10, SANS/CWE Top 25, and other common insecure coding patterns as you write code in VS Code. The current vulnerability categories covered by Puma Scan include: Insecure Application Configuration, SQL Injection, LDAP Injection, Command Injection, Path Tampering, Weak Password Configuration, Unvalidated Redirects, Cross-Site Scripting, Cross-Site Request Forgery, Weak Input Validation, Insecure Cryptography, Insecure Object Deserialization, Broken Authentication, Broken Access Control, Server-side Request Forgery, and Poor Secrets Management.

The Puma Scan Professional Edition performs advanced data flow analysis to reduce false positives, allows engineers to configure rule options, add custom cleanse methods, add custom tainted sources to make the rules more accurate, and create false positive exceptions. The Professional Edition also allows engineers to generate vulnerability reports in HTML, JSON, and CSV formats.

To use the VS Code extension, software engineers must register an account and purchase a license. Please visit https://pumascan.com to purchase your software license. After purchasing your license, please read the Installation Guide to install and configure the extension. Then, read the User Guide to start securing your code!

For sales questions, please contact sales [at] pumascan [dot] com. For support questions, please contact support [at] pumascan [dot] com.