Know Your Assets.

Decision support for software.

Evidence-backed
AI-enhanced
Human-verified
Built for the IC

What We Find

Real findings from real engagements. Every one costed and traced to source.

Risk Why It Matters Example Finding
Key person risk One departure can halt delivery Single developer owns 80% of a core product
Leaked secrets Active credentials in git history 47 secrets across 12 repos, some exposed for 3+ years
Licence exposure GPL in a commercial product can force source disclosure GPL dependency in a certified healthcare product. Nobody knew.
Vulnerabilities Known exploits in production dependencies $1M+ remediation backlog of 200+ critical vulnerabilities
AI adoption AI-generated code with no review process 40% of recent commits AI co-authored, zero review policy in place
Stalled migration Buyer pays maintenance on two stacks for the price of one React migration started 3 years ago, abandoned at 60%. Both stacks running, neither owned.
IP gaps Offshore contributors with no assignment paperwork 5-person offshore team committing under personal email accounts. No CLA on file.
Hidden slowdown Forecasts and roadmaps get built on a pace that no longer holds Team reports weekly releases. Actual cadence is monthly and decelerating, six quarters running.

People · Velocity · Practices · Security · Dependencies · Technical Health · Legal · AI Adoption

One Capability. Many Use Cases.

Built for due diligence. Scales across the investment lifecycle.

Buy-Side Due Diligence

Fits inside the exclusivity window. Key person risk quantified, deal blockers surfaced, remediation budget estimated.

Remediation Planning

What to fix, in what order, and what it costs. Ranked by business impact, not just severity.

CTO Onboarding

Inherit a codebase with evidence, not opinions. What you have, what it costs, for an informed 90-day plan.

Periodic Review

Is engineering investment increasing or decreasing risk and cost? Velocity, debt, and team concentration tracked over time.

Portfolio Intelligence

Same metrics across every portfolio company. Which teams are to be modelled, and where to intervene.

Sell-Side Preparation

Fix what matters before it shows up in a report. Know your position before the data room.

Three Steps.

1

Scope

Let us know what you're looking at and what you need to know.

2

Connect

Provide code access.

3

Report

Findings, costed and classified.

Questions Buyers Ask

The ones that come up before every engagement.

Is this a code scan, or due diligence?

More than a scan. It is the software read: the code and the team, costed, ranked by business impact, and traced back to the evidence, with a person checking every one. What the risks are, what they cost to fix, what to fix first. It can stand alone, or be the software part of a wider diligence.

How fast is it, and does it replace our diligence advisors?

Fast. Days, inside the exclusivity window, not weeks. It does not replace your commercial and financial diligence. It is the software read, the code and the team, evidenced and costed, and it can be part of your IT diligence. You get it without standing up a separate consulting engagement.

Can it read how the system is built, or just surface metrics?

How it is built. We read which people and modules the revenue actually depends on, where the licence and IP exposure sits, how old the dependencies are, and which migrations got started and quietly dropped. A scanner misses most of this. A person checks all of it.

Do you need our source code, and how is it handled?

On your terms. An agent runs in your own environment and pulls the development record: history, structure, dependencies. You see what it collects before any of it leaves. What you share is deleted once the report lands. Leave out any repositories you want kept back. NDA as standard. The point is a credible read with the lightest possible touch on your code.

Is this point-in-time, or continuous monitoring?

Point-in-time, on purpose. It is built for a decision: a deal, a new CTO, a board review. For a portfolio we re-run it on a cadence, so you can see which way things are heading.

Know your assets.

Live deal, portfolio review, or inherited codebase. Leave your email and I'll come back to you on fit and timeline.