Automated technical audit of any GitHub repository in 5–15 minutes. Translates code quality, security, and technical debt into plain English — and euros.
The problem
Most Acquire.com deals fail — or massively underperform — due to hidden technical debt that wasn't disclosed. Don't be the buyer who finds out the hard way.
Every feature request becomes a gamble. You hire a developer, they touch one thing, three others break. Customers churn. Your first hire is a refactoring job.
API keys, database passwords, AWS tokens — committed years ago, long "deleted" but still readable in git history. Now they're your problem. And your liability.
The entire product lives in one developer's head. They leave (or stop responding) and you have an undocumented codebase nobody can maintain. You paid €200k for this.
Libraries with published security vulnerabilities, no automated scanning, no Dependabot. You inherit active attack surface on day one of ownership.
100 lines of glue code around OpenAI's API, priced like proprietary technology. Our detector catches this before you pay for something with no defensible moat.
TODO comments, duplicated code, no CI/CD, no Docker, no monitoring. Every month you pay a developer to fight the codebase instead of building product.
How it works
No setup. No code access. Just send us the GitHub URL and your questions, and we run the full analysis automatically.
Fill out the form below with the GitHub URL of the SaaS you're considering. Add any specific concerns — security, architecture, licensing.
Our tool clones the repository and runs 7 analysis modules: code quality, security, dependencies, git history, tests, docs, and architecture.
A grade from A to F, financial debt estimate in euros, red flags prioritized by impact, and negotiation leverage — ready to share with your advisors.
Walk into the deal with data. Negotiate a lower price, require fixes before close, or walk away — all backed by objective analysis.
What we analyze
We don't just check code style. We look at everything that affects the real cost of owning and operating the business after you buy it.
Detects duplicated code (copy-paste debt), TODO/FIXME backlogs, overly long files and functions, debug statements left in production, and estimated cyclomatic complexity.
Weight: 25%
Scans for hardcoded AWS keys, GitHub tokens, Stripe keys, database connection strings, private keys, SQL injection patterns, unsafe eval() usage, insecure password hashing (MD5/SHA1), and secrets buried in git history.
Checks npm, pip, Bundler, Go modules, and Composer. Flags missing lockfiles (non-reproducible builds), committed node_modules, and license risks — GPL/AGPL can complicate acquisitions.
Reveals bus factor (how many developers actually know the code), last activity date, commit message quality, history rewrites (force push gaps), and whether sensitive files were ever committed — even if later deleted.
Weight: 15%
Detects test files (pytest, Jest, Vitest, RSpec, Go testing), test-to-code ratio, E2E tests (Cypress, Playwright), CI pipelines (GitHub Actions, CircleCI, Travis), and linting configuration.
Weight: 15%
README quality and completeness (installation, configuration, deployment sections), CHANGELOG presence, OpenAPI/Swagger specs, and code-level docstrings — a proxy for onboarding time for your next developer.
Weight: 5%
Identifies frameworks, databases, Docker/IaC, monitoring (Sentry, Datadog), multi-tenancy readiness, and — critically — detects "AI wrapper" products (thin OpenAI/Anthropic wrappers priced as proprietary IP) and no-code builders (Bubble, Webflow).
Weight: 5%
Every issue is converted to hours and euros at a €50/h EU developer rate. You get a total debt figure — not just "there are problems", but "fixing this will cost €18,400 — use that in your negotiation."
Included in all tiers
Sample report
This is the actual audit output for public-apis/public-apis — a mature, well-maintained open-source project. Grade A, as expected. Your SaaS acquisition may tell a different story.
| Category | Hours | Cost (€50/h) | Description |
|---|---|---|---|
| No linter configuration | 8h | €400 | Configure ESLint/Pylint and fix existing violations |
| No lockfile | 8h | €400 | Add lockfile and version pinning — non-reproducible builds |
| No CHANGELOG | 4h | €200 | Create version history — required for transparent handover |
| No Docker | 16h | €800 | Containerize app and configure environments (dev/staging/prod) |
| No monitoring | 12h | €600 | Production errors are invisible without Sentry/Datadog setup |
| TOTAL | 48h | €2,400 | Low risk — standard remediation items |
Grading scale
Each audit produces an A–F grade with a weighted score across all 7 dimensions. Here's how to use it at the negotiating table.
Pricing
All tiers include the full technical debt calculator in euros, negotiation recommendations, and a shareable report.
Get the critical risk picture in 15 minutes. Ideal when you need a fast go / no-go signal before committing to deeper due diligence.
Everything you need for a deal under €500k. Full 7-dimension analysis with architecture review and 30-day support.
For acquisitions over €500k where technical risk could make or break the deal. Includes human review and custom analysis.
All prices ex VAT. Invoice provided. Not happy with the report? We'll re-run for free or refund — your call.
FAQ
For public repositories, no. For private repos, we need a read-only GitHub personal access token (scope: repo). We delete the token immediately after the audit. We never store your code or credentials.
A developer review takes days or weeks and costs €1,500–€5,000+. Our automated audit covers the same structural, security, and quality dimensions in minutes, and quantifies debt in euros — making it directly usable in price negotiation. For deals over €500k, we recommend using the Enterprise tier alongside a targeted manual review of business logic.
A seller who won't provide read access to the source code is a major red flag. Legitimate SaaS acquisitions always include code inspection as part of due diligence. If they refuse, we'd suggest walking away or requiring an escrow arrangement.
Our automated tool currently supports GitHub only. For GitLab or Bitbucket repositories, contact us — we handle these via the Enterprise tier with manual tooling.
Bus factor is the number of developers whose departure would severely harm the project. A bus factor of 1 means one person knows everything — if they disappear (or stop answering your Slack messages post-acquisition), you have an unmaintainable codebase. We flag this prominently because it's one of the most common post-acquisition surprises.
It's an evidence-based estimate, not a quote. We use a standardized €50/h EU developer rate and map each detected issue to realistic remediation hours based on industry benchmarks. Actual costs vary — treat it as a floor for negotiation, not a final number. The Enterprise tier includes contractor referrals for real quotes.
We'll re-run the audit for free if we missed something, or issue a full refund — no questions asked. Our reputation depends on accuracy, not upselling.
Yes. All reports are yours to use however you like — share with co-investors, attorneys, or include in your deal documentation. The Enterprise tier includes a polished investor-grade PDF specifically for this purpose.
Get started
Fill out the form with the repository URL and your selected tier. We'll confirm within 1 hour and send your report as soon as it's ready.
Quick Scan: 24h. Deep Dive: 2h. Enterprise: 48h. No waiting weeks for a consultant's calendar.
We clone, analyze, and delete. No code retention, no third-party sharing. Invoice provided for your records.
Reports are written for investors, not engineers. Every technical issue is translated into financial impact.
Pay by card or wire transfer. Invoice in EUR. Refund if not satisfied — no questions asked.