Frequently asked questions

How does Coana determine the reachability of vulnerabilities?

Can I trust Coana to correctly identify the reachability of vulnerabilities?

What happens if the reachability of a vulnerability later changes?

How does Coana know which parts of a package are affected by a vulnerability?

What kind of configuration does Coana require?

How is Coana run?

Does Coana scan containers?

I still have questions

What is a contributor?

Why is the pricing model based on contributors and not scans or lines of code?

What’s the ROI for using Coana?

Is a proof of concept possible with Coana?

What does the contractual agreement entail?

Is there a free price tier for open source projects?

I still have questions