
SCA tool using reachability analysis to prioritize exploitable vulnerabilities

Coana provides software composition analysis (SCA) tools that use reachability analysis to identify and prioritize vulnerabilities in open source software dependencies. The company's technology is built on academic research in static analysis from Aarhus University, specifically focusing on determining whether vulnerable code in dependencies is actually reachable and executable within an application's codebase.

The platform analyzes code to reduce false positives by identifying which vulnerabilities pose actual risk based on code reachability, rather than simply flagging all known vulnerabilities in dependencies. This approach helps development and security teams focus on vulnerabilities that can actually be exploited in their specific applications. Coana supports multiple programming languages and provides features including assisted triaging, auto-fixing capabilities, and SBOM/VEX generation.

Coana was founded in 2022 by three static analysis specialists, including Professor Anders Møller from Aarhus University and his PhD graduates Benjamin Barslev and Martin Torp, along with entrepreneur Anders Søndergaard. The company's technology is based on PhD research in static analysis for Node.js programs. Coana received pre-seed funding from Sequoia Capital and Essence VC in 2024, and was awarded EU funding through the EIC Transition programme in 2025. The company was acquired by Socket in April 2025.

Coana integrates with development workflows and serves technology companies seeking to manage open source vulnerabilities more efficiently by reducing alert fatigue and focusing remediation efforts on exploitable vulnerabilities.