Introducing Coana, the Sequoia-backed, code-aware SCA tool, revolutionizing open source vulnerability management.
For software development teams that rely heavily on open source software, remediating reported vulnerabilities in those dependencies can be overwhelming. Today, we are excited to introduce Coana, a new approach to vulnerability scanning, or Software Composition Analysis (SCA), designed specifically to address this challenge. With the backing of Sequoia Capital and Essence VC, Coana is setting a new standard for managing vulnerabilities in open source dependencies.
Coana emerged from a simple yet disturbing fact: traditional SCA tools produce up to 95% false alerts, meaning findings for vulnerable code that the scanned application never actually executes. This inefficiency stems from a lack of code context in vulnerability scanning: a traditional SCA tool matches dependency names and versions against a vulnerability database and reports every match, regardless of how the dependency is used. Well-intentioned as they are, such tools leave security teams sifting through a haystack of alerts to find the actual needles. Coana is here to change that.
Coana’s approach centers on the concept of ‘reachability analysis’. Instead of merely flagging every known vulnerability in your open source dependencies, Coana determines which parts of those dependencies your code actually uses. For instance, if a vulnerability is reported in a JavaScript library, Coana checks whether there is any path from your application code to the vulnerable function in that library. If there isn't, the finding is marked unreachable and you are spared the unnecessary remediation work, leaving you to focus on the vulnerabilities that can actually be triggered.
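To make the idea concrete, here is a minimal reachability check written as an added illustration for this post. It is not Coana's code and says nothing about how Coana's analysis is implemented; the dependency `yamlish`, its functions, the application functions and the two advisories are all constructed for the example. The point it demonstrates is the triage decision itself: an advisory is only actionable if the vulnerable function is reachable, through the call graph, from one of the application's entry points.

```javascript
// Added example, not Coana's code. A constructed call graph: each key is a
// function written as "module:name" and each value lists the functions it
// calls. Application code is in the "app" module; "yamlish" is a hypothetical
// dependency whose template() helper is treated as the vulnerable function.
const CALL_GRAPH = {
  "app:main": ["app:loadConfig"],
  "app:loadConfig": ["yamlish:parse"],
  "app:renderReport": ["yamlish:template"], // only present in the second app
  "yamlish:parse": ["yamlish:tokenize"],
  "yamlish:tokenize": [],
  "yamlish:template": ["yamlish:evalExpr"], // hypothetical vulnerable function
  "yamlish:evalExpr": [],
};

// Constructed advisories. The identifiers are placeholders, not real CVEs.
const ADVISORIES = [
  { id: "EXAMPLE-0001", pkg: "yamlish", vulnerableFunctions: ["yamlish:template"] },
  { id: "EXAMPLE-0002", pkg: "yamlish", vulnerableFunctions: ["yamlish:tokenize"] },
];

// Depth-first traversal of the call graph from the given entry points.
// Returns the set of every function that can be reached transitively.
function reachableFrom(graph, entryPoints) {
  const seen = new Set();
  const stack = [...entryPoints];
  while (stack.length > 0) {
    const fn = stack.pop();
    if (seen.has(fn)) continue;
    seen.add(fn);
    for (const callee of graph[fn] || []) stack.push(callee);
  }
  return seen;
}

// For each advisory, decide whether any of its vulnerable functions lies on a
// path from the application's entry points. Unreachable findings are the
// "false alerts" a version-only SCA tool would still report.
function triage(graph, entryPoints, advisories) {
  const reachable = reachableFrom(graph, entryPoints);
  return advisories.map((adv) => ({
    id: adv.id,
    pkg: adv.pkg,
    reachable: adv.vulnerableFunctions.some((f) => reachable.has(f)),
  }));
}

// First application: only parses config, never renders templates.
const configOnlyApp = triage(CALL_GRAPH, ["app:main"], ADVISORIES);
// Second application: also renders reports, which calls the vulnerable helper.
const reportingApp = triage(CALL_GRAPH, ["app:main", "app:renderReport"], ADVISORIES);

// Summarise which advisory ids are actionable for a given triage result.
function actionableIds(result) {
  return result.filter((r) => r.reachable).map((r) => r.id);
}

console.log("config-only app:", actionableIds(configOnlyApp));
console.log("reporting app:  ", actionableIds(reportingApp));
```

For the config-only application the template advisory is unreachable and can be deprioritised, while the tokenizer advisory is reachable and must be fixed; the reporting application reaches both. A real analysis has to build the call graph from source rather than from a hand-written table, and has to over-approximate edges it cannot resolve precisely, such as dynamic property calls (`obj[name]()`), callbacks passed through the dependency, and `eval`-style constructs, otherwise an unresolved edge would silently turn a reachable vulnerability into a false negative.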
Coana’s static analysis technique, honed through extensive academic research, reconstructs the execution paths through your code and its dependencies and uses them to decide which reported vulnerabilities are actually reachable. Originally developed for JavaScript/TypeScript by researchers from Aarhus University in Denmark, including Professor Anders Møller and Benjamin Barslev Nielsen and Martin Torp, both PhDs, Coana is now extending its capabilities to additional programming languages.
Our beta launch in October 2023 has already had a significant impact for companies such as GAN Integrity (see case study) and Maze (see case study), allowing them to focus their application security efforts on the vulnerabilities that matter.
Backed by Sequoia Capital, Essence VC, and other industry pioneers, Coana is dedicated to spreading this more intelligent, efficient approach to vulnerability management far and wide.
If the challenge of managing vulnerabilities in open source dependencies is overwhelming your security workflow, Coana offers a new way forward. Reach out to us to learn more about how Coana can streamline your security processes, or schedule a demo below to see Coana in action.
The Coana Team - Anders, Anders, Benjamin, and Martin