Supply chain security startup Socket has acquired cloud-based automated code review software startup Coana ApS for an undisclosed sum. Coana’s offerings include reachability analysis, a method that determines whether identified vulnerabilities in code dependencies are actually exploitable within a specific application. The approach involves constructing detailed call graphs through static control-flow analysis to identify which parts of the code are reachable and which are not, allowing developers to focus on genuine threats. The startup says its methodology reduces false positives by over 80% compared with traditional software composition analysis tools, filtering out irrelevant alerts so that security teams can prioritize and remediate critical vulnerabilities more efficiently. The technology can be easily integrated into existing development workflows and works on-premises without the need for complex configurations, according to the company. Coana will bring static control-flow and call graph analysis to Socket’s platform, allowing teams to prioritize vulnerabilities based on whether they’re actually exploitable in a given codebase.
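The call-graph reachability idea described above can be sketched as follows. This is an added example, not Coana's or Socket's code: the sample source, function names and advisory ids are constructed, and calls are resolved by plain name only, which is a simplifying assumption.

```python
import ast
from collections import deque

# Constructed sample: app code and two dependency functions in one module.
SOURCE = '''
def main():
    return load_config("app.yml")

def load_config(path):
    return yamlish_load(open(path).read())

def debug_dump(obj):  # defined but never called from main
    return unsafe_deserialize(obj)

def yamlish_load(text):  # dependency function named in ADVISORY-A
    return text

def unsafe_deserialize(blob):  # dependency function named in ADVISORY-B
    return blob
'''

# Constructed advisories: placeholder id -> vulnerable function name.
ADVISORIES = {"ADVISORY-A": "yamlish_load", "ADVISORY-B": "unsafe_deserialize"}

def build_call_graph(source):
    """Map each top-level function to the plain names it calls."""
    graph = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.FunctionDef):
            graph[node.name] = {
                c.func.id for c in ast.walk(node)
                if isinstance(c, ast.Call) and isinstance(c.func, ast.Name)}
    return graph

def reachable_from(graph, entry):
    """Breadth-first walk of the call graph from one entry point."""
    seen, queue = {entry}, deque([entry])
    while queue:
        for callee in graph.get(queue.popleft(), ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen

def triage(source, advisories, entry="main"):
    """Return {advisory id: True if its vulnerable function is reachable}."""
    reach = reachable_from(build_call_graph(source), entry)
    return {adv: fn in reach for adv, fn in advisories.items()}
```

Calling `triage(SOURCE, ADVISORIES)` marks ADVISORY-A as reachable and ADVISORY-B as not, because nothing on a path from `main` calls `debug_dump`. Name-only resolution misses dynamic dispatch, `getattr` lookups and method calls, so an "unreachable" result from a sketch like this is a prioritization hint rather than proof.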