Projects overview

Coana's dashboard allows you to manage and view projects, reports, notifications, members & access, and much more. To find your way around the dashboard, you have to understand the core Coana principles of projects, reports, and vulnerabilities.


In Coana, a project represents a software project that you want to monitor for vulnerabilities. Usually, you will have one project for each of your repositories in your source control system, such as GitHub. You can also have multiple Coana projects for the same repository if, for example, the repository contains multiple independent applications, which you would like to monitor separately.

Head over to the Projects section to learn more about how to create and manage projects.


Every successful scan (see Scanning) of a project creates a report under that project. The report contains the list of detected vulnerabilities along with other metadata, such as the date of the scan, the version of the Coana CLI that was used, and the branch and commit of the scanned project. Reports are persisted in Coana, and you can always go back and view the old reports.

Head over to the Reports section to learn more about how to view and manage reports.


A vulnerability indicates that you are using a dependency that has a known security issue. Most vulnerabilities are associated with a Common Vulnerabilities and Exposures (CVE) identifier, which is a unique identifier for a known security issue. In Coana, vulnerabilities are always associated with various metadata about the affected dependency package. For example:

  • The package name and version.
  • The path(s) in the dependency tree leading to the vulnerable package.
  • The severity and weakness (CWE) of the vulnerability.

Along with information about how the package is used in your project:

  • Whether the vulnerability is reachable or not reachable from your application's entry points (read about Coana's reachability analysis here).
  • If the vulnerability is reachable: The source location(s) in your source code where you either directly or indirectly (through other dependencies) can trigger the vulnerability.

You can learn more about how to view and manage vulnerabilities in the Reports#vulnerabilities section.