Finite State is excited to announce the first phase of our expanded AUTOSAR capability rollout, bringing new clarity to one of the most complex and opaque areas of automotive software. AUTOSAR has become the backbone of modern ECUs, but its modular architecture and vendor-specific implementations make it notoriously difficult to analyze. This release removes that blind spot, giving manufacturers and suppliers deeper visibility into the AUTOSAR components driving their vehicles.
This is the first step toward a full set of AUTOSAR-specific analysis capabilities, scheduled for release in Q1, 2026.
Release Highlight: Expanded AUTOSAR Module Detection
With this release, Finite State enables customers to identify more AUTOSAR components directly from compiled binaries and configuration files, even when source code access is limited. These insights feed into more complete SBOMs and more flexible scanning workflows, helping teams better understand the makeup of their ECU software.
New capabilities include:
- Detection of more AUTOSAR modules from binaries and configuration sets
- Version and vendor identification, when logging and architecture allow
- More complete SBOMs with expanded AUTOSAR component coverage
- Flexible scan inputs, from full project archives to minimal config bundles
These upgrades make AUTOSAR-based systems easier to analyze and easier to document across the automotive supply chain.
Why This Matters
AUTOSAR is central to modern vehicle architecture, yet historically hard to analyze. This release provides teams the clarity they need to improve security, accelerate compliance, and deepen trust across the supply chain.
You can now:
- Increase transparency into what AUTOSAR modules and versions are present
- Produce more complete and accurate SBOMs for regulatory and customer requirements
- Scan on your terms, whether you share full builds or minimal configuration files
- Support supplier collaboration with clearer, standardized component visibility
This update turns AUTOSAR from a black box into an analyzable, verifiable part of your software supply chain.
What’s Coming Next
Today’s release is the beginning. The next major update — scheduled for Q1 2026 — will introduce expanded AUTOSAR intelligence, automation, and exploitability analysis, including:
- CLT Support
Scan AUTOSAR files directly through the Finite State CLT for seamless CI/CD integration.
- Private Vulnerability Advisories
Match internal advisories against detected AUTOSAR components for tailored vulnerability visibility.
- Enriched Vulnerability Matching
Upload organization-specific vulnerability advisories to a private feed and generate unique findings when matches occur across components and XML configuration data.
- Reachability Insights
Leverage configuration data (e.g., Vector DaVinci queries) to filter vulnerabilities based on actual module settings.
- Enhanced Platform Experience
Updated Findings and Components views that highlight AUTOSAR structure, versions, and company-specific matches.
The Result
Finite State now delivers unmatched visibility into AUTOSAR-based systems, reducing uncertainty, strengthening compliance, and helping automotive teams secure increasingly complex software architectures. This initial launch lays the foundation for a comprehensive AUTOSAR analysis experience, with significantly expanded capabilities arriving in Q1.
Want to Learn More?
If you're a current customer, contact your account manager to explore how these new capabilities can support your automotive security workflows.
New to Finite State? Book a demo to see how our platform illuminates AUTOSAR-based systems and strengthens your software supply chain security.
