Real findings from real engagements. Every one costed, traced to source, and classified as EBITDA adjustment, one-time remediation, or Year-1 CapEx.

| Risk | Why It Matters | Example Finding |
|---|---|---|
| Key person risk | One departure can halt delivery | Single developer owns 80% of a core product |
| Leaked secrets | Active credentials in git history | 47 secrets across 12 repos, some exposed for 3+ years |
| License exposure | GPL in a commercial product can force source disclosure | GPL dependency in a certified healthcare product. Nobody knew. |
| Vulnerabilities | Known exploits in production dependencies | $1M+ remediation backlog of 200+ critical vulnerabilities |
| AI adoption | AI-generated code with no review process | 40% of recent commits AI co-authored, zero review policy in place |

People · Velocity · Practices · Security · Dependencies · Technical Health · Legal · AI Adoption
Built for due diligence. Scales across the investment lifecycle.
Fits inside the exclusivity window. Key person risk quantified, deal blockers surfaced, remediation budget estimated.
Fix what matters before it shows up in a report that punctures your multiple. Know your position before the data room.
Inherit a codebase with evidence, not opinions. What you have, what it costs, and a 90-day plan for the board.
What to fix, in what order, and what it costs. Ranked by business impact, not just severity.
Is engineering investment increasing or decreasing risk and cost? Track velocity, debt, and team concentration over time.
Same metrics across every portfolio company. Which teams are shipping, which are struggling, and where to intervene.
15 minutes. What are you looking at, and what do you need to know?
Read-only git access or on-prem agent. Source code never leaves your environment.
Dollars and evidence. Scored, costed, ready to act on.
Weighbridge is led by Brendan Cody-Kenny, Founder and Chief Scientist.
7 years as CTO at Sema, building automated TDD methodology for PE.
PhD in automated software analysis (Trinity College Dublin).
Production operations at Salesforce and in real-time payments.
Third venture in software engineering intelligence. Second time building tech-enabled due diligence.
15-minute call to confirm fit. Live deal, portfolio review, or inherited codebase - I'll tell you within 24 hours what the timeline looks like.