Technical due diligence on a startup codebase — automated.

Technical due diligence on a codebase used to mean days of manual review. inkode runs 20 automated checks against any repo — secrets, vulnerable dependencies, test coverage, complexity, dead code, coupling — and produces a scored, shareable health report your team can act on.

Scan a Codebase Book Expert Review

Five risk categories, 20 checks.

CategoryChecks includedWhat it tells you
SecuritySecret scanning (gitleaks), dependency audit (OSV CVEs)Credentials in git history, known vulnerabilities in third-party packages across Go, Python, JS/TS, Java, Rust.
TestingTest presence, test-gap mapDirectories and packages with no tests — a leading indicator of how safely the codebase can be changed post-acquisition.
MaintainabilityCyclomatic complexity, dead code, TODO density, magic numbers, semantic duplicationFunctions too complex to read, code paths no one calls, deferred work accumulating in comments, copy-pasted logic that will diverge.
StructuralImport graph, coupling matrix, line count, infrastructure, scriptsCircular dependencies, god packages, co-change coupling that makes safe refactoring hard. Plus sizing — how big is this actually?
Change riskHotspots (git log), coupling (co-change history)Files that change constantly and therefore break constantly. The ones that will burn your team's time post-close.

A health score and a shareable Brief — in under a minute.

Health score (0–100, A–F)

A single number across all five categories — weighted by severity and category importance. Comparable across codebases and over time. Gives you a starting point for negotiation and a baseline for post-close tracking.

Brief — shareable read-only report

A structured HTML report covering headline findings, category scores, and the top risky files. Share a link with your team, your LP, or the target — no source code leaves the machine that ran the scan.

Expert review — human findings

Our engineers access the full analysis through an authenticated API, cross-reference hotspots with complexity, and deliver a 10-section consultant report with a prioritized remediation roadmap and a 1-hour walkthrough call.

CI / ongoing tracking

Once the deal closes, wire inkode into every PR. Set a quality gate, get regression alerts when the score drops, and track improvement over time on the dashboard. Post-close accountability built in.

The target runs the CLI. You get the report.

1
Target installs the CLI

One curl command on macOS or Linux. No accounts, no API keys, no source code leaving their machine.

2
Scan runs in under a minute

20 checks run concurrently. Only file paths, git metadata, and code metrics are uploaded — never the source.

3
You receive the shareable link

The target shares the Brief URL. Your team gets the health score, category breakdown, and headline findings — enough to ask the right questions in the technical interview.

4
Add expert review for the full picture

Our engineers go deeper — coupling matrices, semantic duplication clusters, per-function breakdowns — and deliver a consultant report with a prioritized remediation plan and effort estimates.

Start your technical due diligence today

Run the free scan yourself or book an expert review. Either way, you'll know what's in the codebase before you commit.

Run Free Scan Book Expert Review