Coana
Open-source vulnerability scanning with reachability analysis.
| Date | Investors | Amount | Round |
|---|---|---|---|
| - | investor | €0.0 | round |
| investor | €0.0 | round | |
| investor | €0.0 | round | |
| investor | €0.0 | round | |
| investor | €0.0 | round | |
* | N/A | Acquisition | |
| Total Funding | 000k | ||
| DKK | 2023 | 2024 |
|---|---|---|
| Revenues | 0000 | 0000 |
| EBITDA | 0000 | 0000 |
| Profit | 0000 | 0000 |
| EV | 0000 | 0000 |
| EV / revenue | 00.0x | 00.0x |
| EV / EBITDA | 00.0x | 00.0x |
| R&D budget | 0000 | 0000 |
Source: Company filings or news article
Related Content
Coana is a cybersecurity company that specializes in open-source vulnerability management for software development teams. The company's core product is a Software Composition Analysis (SCA) tool that uses advanced reachability analysis to identify which vulnerabilities in a project's dependencies are actually reachable and therefore pose a genuine threat. This approach allows development and security teams to filter out a high percentage of irrelevant security alerts, often over 80%, enabling them to focus remediation efforts on critical issues. The tool integrates into existing CI/CD workflows and provides features like assisted triaging by pinpointing exact code locations, auto-fixing, and generating VEX-enhanced Software Bill of Materials (SBOMs).
The company was established in Denmark in September 2022, born out of academic research from Aarhus University. The founders include Professor Anders Møller, a renowned figure in static analysis, his PhD graduates Benjamin Barslev (CTO) and Martin Torp (CPO), and experienced entrepreneur Anders Søndergaard (CEO). The foundation of Coana's technology stems from years of research into static program analysis for modern programming languages like JavaScript. In January 2024, Coana announced a $1.6 million pre-seed funding round led by Sequoia Capital, with participation from Essence VC and several prominent angel investors. A significant milestone occurred in April 2025 when Coana was acquired by Socket, a software supply chain security platform, to integrate its reachability analysis capabilities.
Coana operates on a B2B subscription-based business model, with pricing typically based on the number of contributors. This model provides clients, which include software developers, IT departments, and cybersecurity professionals, with continuous access to the scanning tool, a dashboard for reports, and integrations with other platforms like Jira and Slack. The service is designed to be zero-configuration and can run on-premises, ensuring clients' source code remains secure within their own environment.
Keywords: open-source security, vulnerability management, reachability analysis, Software Composition Analysis, SCA, static analysis, cybersecurity, application security, dependency management, software supply chain security, code scanning, CI/CD security, developer tools, false positive reduction, DevSecOps, JavaScript security, Sequoia Capital, Aarhus University, Socket, vulnerability prioritization