Home
Loading

aVenture is in Alpha: During this preview period, you should expect the research data to be limited and may not yet meet our exacting standards. We've made the decision to provide early access to our data to showcase the product as we build, but you should not yet rely upon it alone for your investment decisions.

aVenture is in Alpha: During this preview period, you should expect the research data to be limited and may not yet meet our exacting standards. We've made the decision to provide early access to our data to showcase the product as we build, but you should not yet rely upon it alone for your investment decisions.

Get in touch

  • Contact

  • Request a demo

  • Request data updates

  • Add a company

Research

  • Companies

  • Investors

  • People

aVenture

  • Sitemap

  • Feature requests

Member

Backed by

© aVenture Investment Company, 2026. All rights reserved.

San Francisco, CA, USA

Privacy Policy

aVenture Investment Company ("aVenture") is an independent research platform providing detailed analysis and data on startups, venture capital investments, and key industry individuals. It is not a registered investment adviser, broker-dealer, or investment advisor and does not provide investment advice or recommendations. The data provided by aVenture does not constitute recommendations or advice, whether by methodology, analysis, AI-generated content, or a statement written by a staff member of aVenture.

aVenture is not affiliated with any of the people, companies, organizations, government agencies, regulatory bodies, or investment funds we provide coverage for on this site unless explicitly stated otherwise. Users assume full responsibility for decisions made based on information obtained from this platform. Links to external websites do not imply endorsement or affiliation with aVenture. Any links that provide the ability to invest in a primary or secondary transaction in a company are for convenience only and do not constitute solicitations or offers to buy or sell an investment. Investors should exercise heightened precaution and due diligence when investing in private companies, especially those not independently audited.

While we strive to provide valuable insights with objectivity and professional diligence, we cannot guarantee the accuracy of the information provided on our platform. Before making any investment decisions, you should verify the accuracy of all pertinent details for your decision. To the fullest extent permitted by law, aVenture shall not be liable for any direct, indirect, incidental, consequential, or financial damages arising from use of this site, whether by consumers of its contents directly or by persons or organizations covered by our research, even if we are advised of the possibility. Our best-efforts processes and correction request forms do not create a warranty or duty of care.

Profiles on this platform may include content generated in part by large language models (LLMs, artificial intelligence) that aggregate publicly available sources (e.g., SEC EDGAR, public filings, press releases). Source attribution is provided where known; always verify statements and claims here against original sources before relying on any data. Content on our site may contain inaccuracies, omissions, or what are commonly called 'hallucinations' if generated in part or in full by AI / LLMs. The risk can also exist even when content is written by a human, as internal and third-party sources may also have inaccuracies for the same or different reasons. While we randomly audit a proportion of content, this is not exhaustive.

We recommend that an independent auditor be hired to verify the accuracy of the information before relying on it for any sensitive decisions. By accessing this platform, you agree not to rely solely on any information generated by AI, aggregated, or sourced or written otherwise on this site, for investment, financial, or other decisions. aVenture assumes no responsibility for inaccuracies, omissions, or hallucinations. You must independently verify all data from primary sources. Use of this platform constitutes your waiver of claims for reliance-based damages, including negligent misrepresentation. To report an error, request a correction, or dispute information about a company or individual, contact us via our request data updates form.

Loading
Loading
Home
News
Sequoia backs Coana to help companies prioritise vulnerabilities using ‘codenaware’ software analysi

From TechCrunch

By Paul Sawers

January 23, 2024

Sequoia backs Coana to help companies prioritise vulnerabilities using ‘codenaware’ software analysi

Sequoia backs Coana to help companies prioritise vulnerabilities using ‘codenaware’ software analysi

Silicon Valley venture capital (VC) juggernaut Sequoia is backing a fledgling Danish startup to build a next-gen software composition analysis (SCA) tool, one that promises to help companies filter through the noise and identify vulnerabilities that are a genuine threat.

For context, most software contains at least some open source components, synopsys-study-shows-91-of-commercial-applications-contain-outdated-or-abandoned-open-source-components" target="_blank" rel="noopener" data-mrf-link="https://www.securitymagazine.com/articles/92368-synopsys-study-shows-91-of-commercial-applications-contain-outdated-or-abandoned-open-source-components" cmp-ltrk="In-Article Links" cmp-ltrk-idx="0" mrfobservableid="809001ba-3be7-4c0b-a8fd-ebd0dc7a4ce1">many of which are out-of-date and irregularly — if at all — maintained. This has led to all manner of security flaws, such as Log4Shell which impacted the open source Java logging framework Log4j and led to breaches impacting high-profile organisations such as a U.S. Federal agency which failed to patch the bug. In turn, this is leading to an array of fresh regulatio , designed to strong-arm businesses into running a tighter software supply chain.

The problem is, with millions of components permeating the software supply chain, it’s not always easy to know whether a given application is using a particular component. There are, of course, many software composition analysis (SCA) tools out there, from Snyk to Synopsis, which alert companies about known vulnerabilities in their technology stack — but this can create a lot of noise, particularly if an application isn’t actively using that component, thus making it difficult for security teams to prioritize the vulnerabilities that really matter.

And this is where Danish cybersecurity startup Coana is setting out to make a difference, using “code aware” SCA to help its users separate out irrelevant alerts and focus only on those that matter.

Founded out of Denmark in 2021, Coana is the handiwork of a computer science professor (Anders Møller) and two PhDs (Martin Torp and Benjamin Barslev Nielse ) who say they hit upon a “technical breakthrough” while part of a research group at Denmark’s Aarhus University, discovering a new technique for analyzing and understanding large, JavaScript-based applications. CEO Anders Søndergaard joined the trio as co-founder in 2022, having exited a previous biometrics tech startup called Resilio the previous year.

To help fund their company through its early-access stage to full commercialization, Coana today announced it has raised $1.6 million in a pre-seed round of funding led by Sequoia Capital, with participation from Essence VC and a slew of angels including current and former executives from Google, Red Hat, and GitHub.

Third-party

A typical application can consist of as much as 90% third-party libraries, the majority of which are open source and maintained (or not) by any number of volunteer developers.

So a company building software might build their own application layer that draws on these myriad libraries, creating a long chain of dependencies that are connected by functions. Traditionally, a SCA tool would look at the version number of a particular dependency, and map it against a database of known vulnerabilities and then report back to the developers if it finds a match. However, in many cases, an application might only use one or two functions from a library of maybe 50 — so if a vulnerability exists in a part of the library that the app never calls, it shouldn’t really impact that application.

Companies can use Coana to build what t calls a “call graph” of the entire application, spanning application code and dependencies, to understand the data flow paths, and then use that to eliminate false positives.

“The amount of packages being used and the lines of code can be extremely high volume, so it requires some really sophisticated static analysis,” Søndergaard told TechCrunch. “The call graph enables us to do a huge analysis on all the possible paths between different dependencies. So, imagine an application consisting of hundreds or thousands of dependencies, we can identify all the paths between those dependencies to understand which ones are truly vulnerable — and which ones are not.”

It is still very early days, of course, with Coana introducing the first iteration of its product in October for its first paying customers — a mix of Series B and Series C-stage startups and scaleups. However, the company is working to expand its support beyond JavaScript and into Java and Python this year, which will help it target a broader customer base.

“As our product matures, and our company matures, we’re moving up market, eventually targeting large enterprises, but that will take a while before we have the sophistication on the language support to get to get to that level,” Søndergaard said.

Companies looking to check out Coana today can apply for early access now.

Most Recent

Databricks hits $188B valuation, extending its run as AI’s favorite second act

Databricks hits $188B valuation, extending its run as AI’s favorite second act

Databricks has remade its image into an AI company and has published research on the cost savings of open weight AI models for coding.

Jul 17, 2026

Nuclear startup Valar Atomics in talks to raise new funding at $6B valuation

Nuclear startup Valar Atomics in talks to raise new funding at $6B valuation

The potential deal highlights a growing trend of complex, multi-stage funding rounds that mask true entry prices.

Jul 17, 2026

AI-powered travel agency Fora hits unicorn status, raises $60M

AI-powered travel agency Fora hits unicorn status, raises $60M

Travel agency Fora announced a $60 million Series D round led by Forerunner and Tactile Ventures, valuing the company at $1 billion.

Jul 16, 2026

Sheryl Sandberg leads $10 million investment in AI-powered vehicle inspection service

Sheryl Sandberg leads $10 million investment in AI-powered vehicle inspection service

The startup, founded in 2021, lets enterprise customers use smartphones to scan and spot vehicle damage.

Jul 16, 2026

Similar Posts

Socket lands $20M investment to help companies secure open source software

Socket lands $20M investment to help companies secure open source software

Socket, a startup that provides a scanning tool to detect security vulnerabilities in open source code, today announced that it raised $20 million in a Series A round led by Andreessen Horowitz (a16z). The tranche had participation from Abstract Ventures, Wndrco, Unusual Ventures and an impressively high-profile list of angel investors, including the co-founders of […]

Aug 1, 2023

Socket lands a fresh $40M to scan software for security flaws

Socket lands a fresh $40M to scan software for security flaws

The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent survey, 88% of companies believe poor software supply chain security presents an “enterprise-wide risk” to their organizations. Open source supply chain components are especially fraught, thanks to the logistical hurdles in keeping each component well-maintained. Security firm Synopsys found in its 2023 report that 89% of businesses’ codebases containe

Oct 22, 2024

AI comes to software reviews as Stackfix raises $3M

AI comes to software reviews as Stackfix raises $3M

Marketplaces for software and services based on reviews are starting to reach their sell-by date. The user-generated reviews on sites like G2 and Capterra (one of Gartner’s three software directories) have often been accused of being paid for by software vendors. In fact, eight out nine of the reviews on the first page of G2’s reviews of HubSpot are labelled “Incentivized Review.” Born out of the AI-pioneers behind Jukedeck, Stackfix is a startup that has now raised $3 million in seed funding t

Dec 3, 2024

Oneleet raises $33M to shake up the world of security compliance

Oneleet raises $33M to shake up the world of security compliance

Founder Bryan Onel says too many companies are doing the bare minimum to meet their security compliance obligations, and raised $33 million to help his customers get both compliant and secure.

Oct 2, 2025

Most Recent

Databricks hits $188B valuation, extending its run as AI’s favorite second act

Databricks hits $188B valuation, extending its run as AI’s favorite second act

Databricks has remade its image into an AI company and has published research on the cost savings of open weight AI models for coding.

Jul 17, 2026

Nuclear startup Valar Atomics in talks to raise new funding at $6B valuation

Nuclear startup Valar Atomics in talks to raise new funding at $6B valuation

The potential deal highlights a growing trend of complex, multi-stage funding rounds that mask true entry prices.

Jul 17, 2026

AI-powered travel agency Fora hits unicorn status, raises $60M

AI-powered travel agency Fora hits unicorn status, raises $60M

Travel agency Fora announced a $60 million Series D round led by Forerunner and Tactile Ventures, valuing the company at $1 billion.

Jul 16, 2026

Sheryl Sandberg leads $10 million investment in AI-powered vehicle inspection service

Sheryl Sandberg leads $10 million investment in AI-powered vehicle inspection service

The startup, founded in 2021, lets enterprise customers use smartphones to scan and spot vehicle damage.

Jul 16, 2026

Similar Posts

Socket lands $20M investment to help companies secure open source software

Socket lands $20M investment to help companies secure open source software

Socket, a startup that provides a scanning tool to detect security vulnerabilities in open source code, today announced that it raised $20 million in a Series A round led by Andreessen Horowitz (a16z). The tranche had participation from Abstract Ventures, Wndrco, Unusual Ventures and an impressively high-profile list of angel investors, including the co-founders of […]

Aug 1, 2023

Socket lands a fresh $40M to scan software for security flaws

Socket lands a fresh $40M to scan software for security flaws

The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent survey, 88% of companies believe poor software supply chain security presents an “enterprise-wide risk” to their organizations. Open source supply chain components are especially fraught, thanks to the logistical hurdles in keeping each component well-maintained. Security firm Synopsys found in its 2023 report that 89% of businesses’ codebases containe

Oct 22, 2024

AI comes to software reviews as Stackfix raises $3M

AI comes to software reviews as Stackfix raises $3M

Marketplaces for software and services based on reviews are starting to reach their sell-by date. The user-generated reviews on sites like G2 and Capterra (one of Gartner’s three software directories) have often been accused of being paid for by software vendors. In fact, eight out nine of the reviews on the first page of G2’s reviews of HubSpot are labelled “Incentivized Review.” Born out of the AI-pioneers behind Jukedeck, Stackfix is a startup that has now raised $3 million in seed funding t

Dec 3, 2024

Oneleet raises $33M to shake up the world of security compliance

Oneleet raises $33M to shake up the world of security compliance

Founder Bryan Onel says too many companies are doing the bare minimum to meet their security compliance obligations, and raised $33 million to help his customers get both compliant and secure.

Oct 2, 2025