Sequoia invests in Coana for advanced vulnerability management through ‘code aware’ software analysis.

Silicon Valley venture capital (VC) juggernaut Sequoia is backing a fledgling Danish startup to build a next-gen software composition analysis (SCA) tool, one that promises to help companies filter through the noise and identify vulnerabilities that are a genuine threat. For context, most software contains at least some open source components, many of which are out-of-date and irregularly — if at all — maintained. In turn, this is leading to an array of fresh regulation, designed to strong-arm businesses into running a tighter software supply chain. The problem is, with millions of components permeating the software supply chain, it’s not always easy to know whether a given application is using a particular component. And this is where Danish cybersecurity startup Coana is setting out to make a difference, using “code aware” SCA to help its users separate out irrelevant alerts and focus only on those that matter.