DocumentationGetting StartedOverview

Overview

Learn how CodeDD analyzes your codebase with AI-powered due diligence

Overview

What is CodeDD?

CodeDD is a software due diligence platform for investors, M&A advisors, and technology leaders. It combines static analysis, LLM-assisted file review, architecture mapping, and portfolio dashboards to deliver technical assessments in hours instead of weeks.

How an audit works

  1. Connect — Link repositories via OAuth or tokens (GitHub, GitLab, Azure DevOps, Bitbucket), or run a local-first audit with the CLI so source never leaves your machine.
  2. Scope — CodeDD discovers every file in the repository. You review and adjust which files receive deep analysis before the audit runs.
  3. Analyze — Scoped files get LLM review, complexity metrics, dependency and license scanning, architecture mapping, and cross-file contextualization. Security findings are validated before they affect your score.
  4. Report — Results land in portfolio dashboards: Code Health Score, supply-chain views, architecture maps, Issue Compass, PDF export, and compare-audits over time.

Cloud audits clone to ephemeral processing environments. Source code is encrypted during analysis and deleted when the audit completes. Only findings and metadata are retained.

What sets CodeDD apart

Architecture-aware — Maps components, technologies, and relationships, not just individual files.

Semantic analysis — LLMs catch logic flaws, auth gaps, and design issues that pattern-only scanners miss.

Validated security — Findings are checked for evidence before they count toward risk scores, which cuts false positives.

Zero source retention — Files are processed temporarily, encrypted at rest, and securely wiped after completion.

Local-first option — The CLI runs analysis on your machine and syncs only structured results to the cloud.

What you get

Every audit includes:

  • Executive Summary — health indicators, KPIs, and key findings
  • Risk Assessment — prioritized vulnerabilities with remediation guidance
  • Code Quality Report — maintainability metrics and technical debt signals
  • Architecture Review — component map, coupling, and improvement areas
  • Dependency Analysis — CVE exposure, license compliance, supply-chain panel
  • Development Insights — git statistics, contributor patterns, delivery trends
  • Portfolio views — group audits, compare-audits, Issue Compass, PDF export

Next steps