DFM Platform
DFM Funding Monitor

Next Generation Software Supply Chain Securitybroad

COANA · Horizon Europe grant · 2025-06-01–2027-05-31

EC contribution

€2,496,250

Total cost

€0

Beneficiaries

1
About the data

Source: CORDIS (official EU open data), Horizon Europe. Framework HORIZON · call HORIZON-EIC-2024-TRANSITION-01 · scheme HORIZON-EIC · topic HORIZON-EIC-2024-TRANSITIONOPEN-01. CORDIS record →

Objective

Software development relies heavily on third-party libraries, with 70 - 90% of code in modern software applications coming from open-source dependencies. However, this dependency on external code can lead to serious security risks due to library vulnerabilities. According to the European Union Agency for Cybersecurity (ENISA), supply chain attacks on software dependencies will be the foremost cybersecurity threat by 2030.Coana, a spinout of Aarhus University, is developing the next generation of Software Composition Analysis (SCA) to address this issue. Our groundbreaking program analysis tool infers data flow and generates call graphs for large, real-world libraries and applications with unprecedented speed and accuracy. Unlike conventional SCAs, our built-in reachability analysis lets developers focus on reachable vulnerabilities in their dependencies and ignore the unreachable ones. Since most vulnerabilities are unreachable, Coana reduces the burden and cost of managing vulnerabilities by at least 80%, enabling developers to focus on eliminating vulnerabilities that truly matter.If successfully deployed in the market, Coana could assist 5.9M developers in the EU in building more secure software by 2033. This widespread adoption will help overturn US dominance in the EU’s SCA market while enabling Coana to be a new EU unicorn in the next 10 to 12 years. Developer time savings will help save €318k for a company with 100 developers and €18.7B for the 5.6M developers in the EU using Coana by 2033. Additionally, it will help save €5.6B lost due to vulnerabilities annually. The support of the EIC Transition grant is crucial to bringing this impactful solution to the market. This project aims to expand our curated vulnerabilities database, improve the recall for detecting vulnerabilities to over 90%, and extend language coverage to Java, Python, and Go. We will also validate our business model and develop the business plan to guide the route to commercialization.

Beneficiaries (1)

OrganisationCountryRoleEC contributionSME
COANA APS DK coordinator €2,496,250 Yes

Get the DFM funding briefing — free

New EU defence calls, tenders and awards in your inbox.

Countries
Sectors
Sources

We store your email only to send the DFM briefing/alerts and to add you to DFM Analysis. Unsubscribe anytime.

Defence Finance Monitor is an analytical and informational product. Grant data is official CORDIS; payment and subscription happen on DFM Analysis.