Click here to get this post in PDF
Socket’s acquisition of Coana brings best-in-class reachability analysis to application security teams globally, cementing Socket’s position as the leader in software supply chain security. The news comes as Socket has seen over 300% year-over-year revenue growth over the past year with customers including Anthropic, Figma, OpenAI, and Vercel.
SAN FRANCISCO – April 23, 2025 – Socket, the market leader in software supply chain security, today announced it has acquired Coana, a top-tier static analysis and reachability engine built by leading security researchers from Aarhus University. This acquisition significantly strengthens Socket’s platform and positions Socket as the clear market leader in modern Software Composition Analysis (SCA).
Coana brings powerful static control-flow and call graph analysis to Socket’s platform, allowing teams to prioritize vulnerabilities based on whether they’re actually exploitable in a given codebase. Flooding developers with endless security alerts can often subject security teams to “alert fatigue”, meaning real issues don’t get addressed, a common phenomenon with traditional vulnerability scanners. Key to managing this workload is reachability analysis, which enables security teams to prioritize vulnerabilities that need to be addressed rapidly above those which cannot be practically exploited.
Coana’s revolutionary reachability analysis engine solves this problem, eliminating up to 80% of false positives — allowing AppSec (Application Security) teams to cut through the noise and dramatically accelerating time to remediation for the most critical vulnerabilities.
“For every team buried under thousands of vulnerability alerts, Coana’s reachability analysis offers a better way forward,” said Feross Aboukhadijeh, CEO and Founder of Socket. “They’ve built the most scalable and accurate reachability engine we’ve seen, and we’re excited to bring it into Socket to give developers precise, actionable vulnerability insights — without the noise. Joining forces with Coana turbocharges our ability to deliver actionable, noise-free security alerts. This is a big win for our customers.”
The world-leading team behind Coana have now joined Socket. Coana was founded by static analysis experts from Aarhus University. Led by Professor Anders Møller, a world-renowned pioneer in JavaScript analysis, Martin Torp, Benjamin Barslev, and CEO Anders Søndergaard, the team has spent years advancing the state of the art in static and control-flow analysis.
Anders Søndergaard, CEO at Coana said: “Joining Socket means we can scale our impact immediately. Together, we’ll help organizations drastically reduce their vulnerability management burden.”
Martin Torp, CPO at Coana said: “We founded Coana to give developers a tool that finds 100 critical issues, not 10,000 trivial ones. Joining Socket enables us to take that vision to the next level. Socket has led the charge on supply chain security, and now together we’ll deliver reachability analysis at a scale and impact that we could only dream of as a standalone product.”
Teams using Coana’s reachability analysis tool have seen up to 10x faster remediation times of critical security vulnerabilities as a result.
With this acquisition, Socket now delivers the most complete and mature SCA platform on the market. The company currently protects over 8,500 organizations and 750,000+ code repositories, scanning every commit in real time. Socket detects and blocks more than 500 software supply chain attacks per week, and has identified over 100,000 malicious artifacts across open source ecosystems like npm, PyPI, Maven, and Go.
With the news following Socket’s $40M Series B funding led by Abstract Ventures, Elad Gil and a16z, Zane Lackey, General Partner at a16z, said: “Socket’s approach to open source security is simply better — it’s proactive, precise, and built for how modern teams work. We believe that the combination of Socket and Coana will set a new standard for application security and marks the industry’s shift away from legacy SCA.”
This news comes as Socket has seen over 300% year-over-year revenue growth over the past year, and is now preventing 500+ supply chain attacks every week. Teams at Anthropic, Figma, OpenAI, and Vercel have moved from legacy SCA tools to Socket.
“Great technology is built by great people,” said Aboukhadijeh. “The Coana team shares our values and brings world-class engineering talent to Socket. Together, we’re going to redefine what secure software development looks like.”
To learn more about the Coana acquisition and what it means for customers, read Socket’s announcement blog post here.
About Socket
Socket is a developer-first security platform that protects your most critical apps from software supply chain attacks. Socket was built by prolific security experts whose open source software is installed over 1 billion times per month. Customers include top organizations in tech, media, manufacturing, and finance.
From tiny startups to Fortune 100 enterprises, Socket safeguards over 8.5K organizations (encompassing more than 750,000 repositories) from supply chain threats. Every week, 500+ supply chain attacks are prevented using Socket.
To learn more about our approach to developer security, check out a detailed walkthrough of the Socket platform by Feross Aboukhadijeh, Socket CEO. The Coana blog has many examples and case studies of Coana in action.
Socket is actively hiring across engineering, product, design, and sales. Candidates interested in building the future of software supply chain security can learn more at socket.dev/careers.
If you’re interested in trying Socket, schedule a live demo, or just reach out – we’d love to show you how we can help.
Also read:
RISA Labs Raises $3.5M to Eliminate Treatment Delays with AI-Powered Workflow Automation in Oncology
Image source: Socket.dev
