Software Risk & Value Scan  ·  €999

Your tech product,
diagnosed in 1 day.

The Software Risk & Value Scan is an objective diagnostic of your tech product — covering security, time to market, scalability and AI acceleration. No lengthy process.

  • Delivered in 24 hours
  • Benchmarked against 30,000+ systems globally
  • ISO/IEC 27001 certified & ISO 17025 accredited
  • Code deleted within 3 days — no retention, no access

Software Risk & Value Scan (example output)
PortCo Product — Core Platform
Scope: 47,000 LoC · 300+ technologies
Result: Analysis complete · benchmarked against 30,000+ systems globally.

  • Maintainability: 3.2/6 (vs. market avg 4.1), rated Moderate
  • Security: 9 critical issues, rated Weak
  • Open Source: 47 CVEs detected, rated Moderate
  • AI Readiness: 3.2/6 (debt limits speed), rated Moderate
  • Architecture: 4.8/6 (good structure), rated Strong
  • Scalability: 1.8× below benchmark, rated Moderate

Key findings
  • 9 critical security issues require immediate attention prior to close.
  • Maintainability score 3.2/6 — below market; AI tooling will amplify debt.
  • Architecture quality 4.8/6 — solid foundation for post-close scaling.

Benchmark: 30,000+ systems
Standard: ISO/IEC 25010 & OWASP Top 10
Accreditation: ISO/IEC 17025
Powered by Sigrid®

Software Diagnostic

This is what you get.
One product. One exec-ready report.

The Software Risk & Value Scan gives you an objective, evidence-based view of your company’s most important software product — automated by Sigrid® and delivered as an executive-ready report in days.

Example output — benchmarked against 30,000+ systems globally · Code deleted within 3 days
How it works

From validated upload
to insight in 24 hours.

No pipeline changes. No lengthy procurement. A tech lead can complete the upload in under 30 minutes.

1. You submit this form

Tell us which tech product you want scanned. We confirm details and send instructions within one business day.

2. You upload the code

A tech lead zips the codebase and uploads to our secure portal — no login, no tools, no pipeline changes required.

✓  ~30 minutes

3. SIG validates the upload

Our team checks completeness before analysis begins. You’ll hear from us if anything needs clarifying.

4. Sigrid® runs the analysis

Automated analysis across all six dimensions — benchmarked against 30,000+ systems from our global dataset.

5. You receive your report

An executive-ready diagnostic with RAG ratings, benchmark comparisons, and prioritized findings — ready for the deal team.

✓  Within 24h of validated upload

Request your scan

Tell us which portco product you want scanned. We’ll be in touch within one business day.

Included in your €999 scan

  • All six dimensions: maintainability, security, open source, AI readiness, architecture, scalability
  • RAG ratings benchmarked against 30,000+ systems
  • Executive-ready report formatted for deal teams
  • Delivered within 24 hours of validated upload
  • Code deleted within 3 days — no retention, no access
  • ISO/IEC 27001 certified & ISO/IEC 17025 accredited

€999 fixed price (excluding VAT). No commitment beyond the scan. Confirmation within one business day.

What’s covered

Every dimension of
software risk and value.

Six areas, one report. Everything you need to know about a product’s software health — in language that works for deal teams and operating partners alike.

Executive-ready report

Clear RAG ratings, market benchmarks, and prioritized recommendations — formatted for investment teams and operating partners. Ready in days.

AI acceleration

Is the codebase structured to actually benefit from AI-assisted development? Or is AI tooling generating more debt faster? Evidence-based answer.

Security

OWASP-aligned findings across the codebase and open-source dependencies. Critical issues ranked by severity and business impact.

Time to market

How scalable and maintainable is the code? Benchmarked against the market with estimated remediation cost and time-to-market impact.

Open-source health

License risks, IP exposure, known CVEs in third-party libraries, and outdated dependencies that may create compliance or security obligations.

Architecture quality

Structural risks, component coupling, and architectural complexity — the hidden factors that determine how hard it will be to scale, change, or modernize.

What happens next

Your diagnostic is just the start.

Most teams run one scan and immediately ask: what about everything else? Here’s how operating partners naturally expand from a single diagnostic to full portfolio visibility.

01 Where you start
Product Diagnostic

One product. One report. An objective view of security, maintainability, open-source risk, and AI readiness — delivered in days. No infrastructure changes required.

Scope — single product
Core Platform
47,000 lines · analysis complete
Scalability Security Open Source AI Readiness
02 Expand
Full Landscape Diagnostic

Extend the diagnostic across the company's full software portfolio. Know the full picture before value creation decisions, scaling investment, or exit prep begins.

Scope — Complete software landscape
  • Core Platform: Moderate
  • Mobile App: Strong
  • Data Pipeline: Weak
  • Analytics Layer: Moderate
03 Daily habit
Portfolio Governance
with Sigrid®

Continuous visibility across every portco, every day. AI risk, security drift, and technical debt tracked in real time — so problems surface before they affect growth or exit.

Scope — full portfolio, always on
  • PortCo A: Sigrid® live
  • PortCo B: Sigrid® live
  • PortCo C: Sigrid® live
  • PortCo D: ⚠ alert
FAQ

Common questions about
the scan.

Everything you need to know before requesting your diagnostic.

What does the scan actually cover?
The scan covers six dimensions: maintainability, security, open-source health, AI readiness, architecture quality, and scalability. Each is assessed against ISO/IEC 25010 and benchmarked against our dataset of 30,000+ real-world systems. You receive a RAG-rated report for each dimension with prioritized findings.
How does the code upload work?
After you submit the form, we send your tech lead a secure upload link. They zip the codebase and upload via our portal — no login, no agent install, no pipeline changes. The upload typically takes under 30 minutes for a single product.
Is our code safe? What happens to it after the scan?
Your code is handled under ISO/IEC 27001 certified security protocols and deleted within 3 days of analysis. We never retain or access your code for any purpose other than the scan. For firms with stricter requirements, Sigrid Local allows the entire analysis to run on-premise.
How is this different from a traditional tech DD engagement?
Traditional tech DD relies heavily on interviews and manual review, which is slow and subjective. The Software Risk & Value Scan is automated analysis against objective, benchmarked standards — results in 24 hours rather than weeks, with no scoping workshops or engagement setup. It complements expert DD rather than replacing it.
Who is the report designed for?
The report is structured for deal teams, operating partners, and investment committees — not developers. It uses clear RAG ratings, market benchmark comparisons, and plain-language business impact framing. No translation needed between engineering and the deal team.
Can we scan multiple products or the full portfolio?
Yes. The €999 scan covers a single product. If you need to assess the full software landscape of a portco — or implement continuous monitoring across your portfolio — we offer full landscape diagnostics and Sigrid® portfolio governance. Ask us when you submit the form.
When during the deal process should we run this?
Most commonly during early-stage due diligence, before exclusivity or around the time of an LOI. The 24-hour turnaround means you can run it as soon as you have access to the codebase. Operating partners also use it at portfolio entry to baseline the asset before value creation work begins.
What if the target company uses AI-generated code?
The AI Readiness dimension specifically assesses whether the codebase is structured to benefit from AI-assisted development — or whether existing technical debt means AI tooling will generate more debt faster. This is increasingly one of the most critical findings for software-heavy assets.

Still have a question? We’ll respond within one business day.

  • 88% of organizations report using AI in at least one function — most can’t prove it’s working (SIG AI in PE Report 2025)
  • 72% of AI systems in production score below recommended build-quality thresholds (SIG AI in PE Report 2025)
  • 400B+ lines of code analyzed — the world’s largest software benchmark across 30,000+ systems (Sigrid® Platform)
  • 25+ years as the global authority on software portfolio governance — trusted by PE, VC & CVC (Software Improvement Group)

Why investors trust SIG

25 years of software intelligence.
Built for investors.

From pre-deal diligence to portfolio governance — M&A teams across PE, VC and CVC rely on SIG to see what’s really under the hood.

Case studies
PE · Software Diagnostic
Parcom & Robin Radar — de-risking a strategic acquisition

Parcom Capital engaged SIG for technical due diligence on Robin Radar prior to acquisition. SIG’s analysis delivered objective, evidence-based insight into code quality, security posture, and architectural risk — giving the investment team a clear view of what they were buying and what would need attention post-close.

M&A · Software Diagnostic
Eneco Group — IT DD as a portfolio standard

Eneco Group made SIG their go-to supplier for IT due diligence across M&A processes — citing in-depth IT knowledge, rigorous risk identification, and report quality as the reasons to standardize on SIG across all deals.

What investors say

“SIG is our preferred supplier for IT due diligence projects. Sigrid can identify risks within the IT landscape and is able to deliver high quality analysis within short lead time.”
Director Cyber & Privacy · Global advisory firm

“We recommend ongoing software quality monitoring during post-merger integration to ensure well-structured and maintainable code.”
Giles Shrimpton, Managing Director Automotive · Eurowag

“SIG is our go-to supplier for IT due diligence. Their consultants’ in-depth IT knowledge, risk identification, and high-quality reports are invaluable for Eneco Group in M&A processes.”
Eric de Jongh, Integration Officer · Eneco Group

“SIG impressed us with its expertise and clear, concise business recommendations. Would we use them again for digital acquisition? Absolutely.”
Harry van der Vossen, Director of Digital Delivery · RelyOn Nutec

Get started

One product.
One diagnostic. Days, not months.

Turn a diagnostic into your daily routine — Sigrid gives you continuous software governance across every software-heavy asset in your portfolio, every day.
