Socket, a leader in software supply chain security, is acquiring Coana, a top-tier static analysis and reachability engine built by leading security researchers from Aarhus University—boosting Socket’s platform and positioning Socket as a leader in modern Software Composition Analysis (SCA).
According to Socket, Coana brings powerful static control-flow and call graph analysis to Socket’s platform, allowing teams to prioritize vulnerabilities based on whether they’re actually exploitable in a given codebase.
With this acquisition, Socket now delivers the most complete and mature SCA platform on the market, the company said. Socket detects and blocks more than 500 software supply chain attacks per week, and has identified over 100,000 malicious artifacts across open source ecosystems such as npm, PyPI, Maven, and Go.
“For every team buried under thousands of vulnerability alerts, Coana’s reachability analysis offers a better way forward,” said Feross Aboukhadijeh, CEO and founder of Socket. “They’ve built the most scalable and accurate reachability engine we’ve seen, and we’re excited to bring it into Socket to give developers precise, actionable vulnerability insights—without the noise. Joining forces with Coana turbocharges our ability to deliver actionable, noise-free security alerts. This is a big win for our customers.”
The team behind Coana will join Socket.
“Joining Socket means we can scale our impact immediately. Together, we'll help organizations drastically reduce their vulnerability management burden,” said Anders Søndergaard, CEO at Coana.
Teams using Coana’s reachability analysis tool have seen up to 10x faster remediation of critical security vulnerabilities, the company said.
“Great technology is built by great people,” said Aboukhadijeh. “The Coana team shares our values and brings world-class engineering talent to Socket. Together, we’re going to redefine what secure software development looks like.”
For more information about this news, visit https://socket.dev.