SAN FRANCISCO – April 23, 2025 – Socket, the market leader in software supply chain security, today announced it has acquired Coana, a top-tier static analysis and reachability engine built by leading security researchers from Aarhus University. This acquisition significantly strengthens Socket’s platform and positions Socket as the clear market leader in modern Software Composition Analysis (SCA).
Why Coana is Essential for Modern Vulnerability Management
Coana brings powerful static control-flow and call graph analysis to Socket’s platform, allowing teams to prioritize vulnerabilities based on whether they’re actually exploitable in a given codebase. Flooding developers with endless security alerts can often subject security teams to “alert fatigue”, meaning real issues don’t get addressed, a common phenomenon with traditional vulnerability scanners. Key to managing this workload is reachability analysis, which enables security teams to prioritize vulnerabilities that need to be addressed rapidly above those which cannot be practically exploited.
Coana’s revolutionary reachability analysis engine solves this problem, eliminating up to 80% of false positives — allowing AppSec (Application Security) teams to cut through the noise and dramatically accelerating time to remediation for the most critical vulnerabilities.
“For every team buried under thousands of vulnerability alerts, Coana’s reachability analysis offers a better way forward,” said Feross Aboukhadijeh, CEO and Founder of Socket. “They’ve built the most scalable and accurate reachability engine we’ve seen, and we’re excited to bring it into Socket to give developers precise, actionable vulnerability insights — without the noise. Joining forces with Coana turbocharges our ability to deliver actionable, noise-free security alerts. This is a big win for our customers.”
The world-leading team behind Coana have now joined Socket. Coana was founded by static analysis experts from Aarhus University. Led by Professor Anders Møller, a world-renowned pioneer in JavaScript analysis, Martin Torp, Benjamin Barslev, and CEO Anders Søndergaard, the team has spent years advancing the state of the art in static and control-flow analysis.
Anders Søndergaard, CEO at Coana said: “Joining Socket means we can scale our impact immediately. Together, we’ll help organizations drastically reduce their vulnerability management burden.”
Martin Torp, CPO at Coana said: “We founded Coana to give developers a tool that finds 100 critical issues, not 10,000 trivial ones. Joining Socket enables us to take that vision to the next level. Socket has led the charge on supply chain security, and now together we’ll deliver reachability analysis at a scale and impact that we could only dream of as a standalone product.”
Teams using Coana’s reachability analysis tool have seen up to 10x faster remediation times of critical security vulnerabilities as a result.
With this acquisition, Socket now delivers the most complete and mature SCA platform on the market. The company currently protects over 8,500 organizations and 750,000+ code repositories, scanning every commit in real time. Socket detects and blocks more than 500 software supply chain attacks per week, and has identified over 100,000 malicious artifacts across open source ecosystems like npm, PyPI, Maven, and Go.
With the news following Socket’s $40M Series B funding led by Abstract Ventures, Elad Gil and a16z, Zane Lackey, General Partner at a16z, said: “Socket’s approach to open source security is simply better — it’s proactive, precise, and built for how modern teams work. The combination of Socket and Coana is the nail in the coffin for legacy SCA. This is the new standard for application security.”
This news comes as Socket has seen over 300% year-over-year revenue growth over the past year, and is now preventing 500+ supply chain attacks every week. Teams at Anthropic, Figma, OpenAI, and Vercel have moved from legacy SCA tools to Socket.
“Great technology is built by great people,” said Aboukhadijeh. “The Coana team shares our values and brings world-class engineering talent to Socket. Together, we’re going to redefine what secure software development looks like.”
Local News Via - MyrtleBeachSC.com
