Puma Scan offers real-time security analysis for developers

A new company in West Des Moines allows developers to receive real-time feedback as they code.

Puma Scan is a Visual Studio extension that provides live, continuous software security analysis for C# applications. The Puma Scan extension immediately displays vulnerabilities and compiler warnings within the code editor.

“It works kind of like a spell checker as you type your code,” said Eric Mead, Principal Security Engineer at Puma Scan. “It suggests ‘hey you’re doing this wrong’ or ‘you might be opening yourself up to a vulnerability by doing it this way.’”

Originally released as a free open source project, the company now also offers professional versions of the product intended to support larger projects.

“The community version is pretty lightweight. It has all the same rules and looks for the same vulnerabilities that our professional version does, but it doesn’t have the data flow tracking or customization of rules,” Mead said. “And the customization aspect is huge. The flexibility of someone being able to add their own rules takes the weight off our shoulders and works as self-serving customer service as well.”

The community version has been around for about two and a half years now and has been downloaded thousands of times. The professional version, which launched a little over a year ago, is still ramping up and now has around a dozen users, Mead told Clay & Milk.

“I assumed we’d be targeting more small companies because our product is kind of a lightweight, more cost-effective version of some of these big monolith applications,” Mead said. “But we’ve received interest from some rather large companies that are trying it out right now as well.”

Mead says that Puma Scan’s big differentiator is that it is more of a niche tool and not an all-encompassing one.

“We just focus on that one platform and really live code analysis, where with other tools you have to push a button and wait,” Mead said. “We’re really targeting those who want that immediate feedback.”