Coana: Transforming Software Security Landscape with New SCA Tool

The global landscape of cybersecurity is an evolving battlefield, picking up speed and complexity as technology and potential threats advance. A recent move to fortify security protocols has been made by Coana, a Danish startup, which is creating a new tool for software composition analysis (SCA) with backing from venture capital colossus, Sequoia. SCA tools are a critical part of managing software vulnerabilities, and Coana’s advanced technology comes at a time when outdated and unattended open-source components are becoming a significant risk in many software applications[source].

The challenge for many corporations is determining if a specific application utilizes a certain component, largely due to the vast volume of components involved in the supply chain[source]. Current SCA mechanisms often cry wolf by blasting out alerts about known vulnerabilities that the application isn’t even using. Coana intends to provide a remedy by using “code aware” SCA, guiding users to focus on pertinent alerts[source].

The cybersecurity startup launched in 2021 with founders Anders Møller[source], Martin Torp[source], and Benjamin Barslev Nielsen[source]. Anders Søndergaard, a co-founder of Resilio[source], came onboard as their CEO in 2022. With a recent boost of $1.6 million from a pre-seed funding round led by Sequoia Capital, Coana shows no signs of slowing down[source].

Coana’s technology atomizes the issue of false positives, addressing another downside of traditional SCA tools. It builds a “call graph” for the full application and its dependencies rather than merely matching version numbers of dependencies against known vulnerabilities. October saw the rollout of Coana’s first product, initially focusing on Series B and Series C-stage startups and scaleups as clients[source].

As the company expands its support to cover Java and Python as well as Javascript, it also plans to serve large enterprises[source]. However, realizing this level of language support will require time and concentrated effort.

Overall, Coana’s commitment to redefine cybersecurity shows how the industry is responding to the evolution of cyber threats. With rigorous funding, experienced leadership, and a forward-thinking approach, this startup may prove to be an influential player in shaping safer digital spaces.