Coana has been acquired by Socket, the leader in developer-first open-source supply chain security.
We are excited to announce that Coana has been acquired by Socket!
This is a big moment for us. We started Coana based on our academic research to build an open-source vulnerability scanner that would use advanced static analysis to drastically reduce the noise coming from traditional scanners.
Now, two and a half years later, we’re teaming up with Socket — a team we’ve long admired for redefining how modern software teams approach security. Their dev-first mindset, technical depth, and clear product leadership in open-source supply chain security make Socket a perfect home for what we’ve built — and where we’re headed together in the future.
We launched Coana in 2022 with the backing of the amazing people at Sequoia Capital and a bold thesis: static reachability analysis is the missing piece in Software Composition Analysis (SCA). That vision was rooted in years of research at Professor Anders Møller’s research group at Aarhus University, where we worked on the forefront of static control-flow analysis. Coana was our way of translating academic breakthroughs into real-world impact for developers and security engineers.
By applying reachability analysis to SCA, we enabled security teams to eliminate up to 80% of false positives compared to their traditional SCA tools. Now, instead of chasing irrelevant alerts, security and engineering teams could focus only on what was actually relevant.
Over the past two years, we evolved that vision from an academic prototype into a production-ready engine used by some of the world’s most demanding software teams. We built a small team of world-class engineers, earned the trust of customers, and delivered the most precise and reliable reachability engine for dynamic languages.
Socket and Coana share the ambition of developing software security tools that are fundamentally smarter than traditional approaches.
Socket had already redefined Software Supply Chain Security by detecting malicious package behavior and preventing supply chain attacks in real time. What they needed next was a precise prioritization engine for known vulnerabilities. That’s where Coana comes in.
Together, we’re combining Coana’s best-in-class reachability engine with Socket’s platform to deliver next-generation SCA — helping developers cut through the noise and fix what matters. The integration is already underway, and it’s going to be a leap forward in how the world approaches open-source security.
We’ve seen a lot of companies and products in AppSec — but none that align so deeply with our values and vision as Socket. Their vision, execution, and technical foundation are second to none, and we couldn’t be more excited to scale our impact with them.
Our entire team has joined Socket, and we’re already working hard to bring our reachability analysis directly into the Socket platform. If you're a Socket user, you’ll soon see reachability context woven directly into your dashboards and reports. For existing Coana users, we’ll provide a seamless transition into the Socket platform as soon as everything is ready.
To our customers, investors, advisors, and friends: a heartfelt thank you. You helped us take Coana from an academic vision to something real and impactful. We're proud of what we built — and even more excited about what’s coming next.
Onward,
Anders, Anders, Benjamin, Martin
Co-founders, Coana