I use Finite State to analyze and prioritize security vulnerabilities in our product. It scans and highlights these vulnerabilities on its dashboard, which helps us maintain product security. I like its intuitive interface and that it's possible to automate parts of the process. Access to the FS API allowed us to automate tasks that would be tedious otherwise, making it easier to manage our workload. I also like how vulnerabilities are grouped by packages, so we can quickly assess the security overview and decide which packages need urgent attention. The team was very helpful in resolving previous issues, which I appreciate.

The tool is good, with a solid understanding of the user, and the interface is friendly for reviewing and examining the results. Scan results are usually delivered on time and are prompt. However, the platform currently lacks integration with Git/SVN to perform code analysis; I’m waiting for that feature to become available in the portal. As a technical person, I’m not aware of the tool’s pricing details, but so far the project budgeting seems mostly aligned with what is being charged. Product onboarding is flawless on the platform, though it could be enhanced when dealing with re-use or similar kinds of projects within a customer’s scope. I haven’t used the AI features yet; however, the integrated results already demonstrate some intelligence in how the results are presented.

What I like best about Finite State is its ability to provide deep visibility into software supply chain risks by accurately identifying CVEs across third-party components and embedded dependencies. This level of insight, especially at the binary and firmware level, helps us proactively address vulnerabilities that are otherwise hard to detect. As a result, it enables better risk prioritization and contributes directly to improving the stability and security of our products.