Know exactly what you're sitting on. In 7 days.
A fixed-fee audit of your existing codebase — technical debt, security gaps, scalability risks, and a clear prioritized roadmap. No fluff, no surprises.
Pricing
The security of your business, and your customers’ private data, is invaluable - protecting it far outweighs the price of a risk assessment. Investing in identifying and mitigating risks now will save you from costly breaches, downtime, and damage to trust later.
starting at $4,500
WHO THIS IS FOR
You inherited a codebase nobody understands
New CTO. Acquisition. Previous team gone. You need an honest picture before you commit to a direction or tell your board what it will take to fix things.
Your last dev team disappeared mid-project
You need to know what state the codebase is actually in before you bring on the next team. The Assessment gives you the briefing they'd need anyway.
Your app is slowing and nobody knows why
Performance is degrading, deploys are scary, and your team avoids certain parts of the code. You need someone to go in and tell you the truth.
A complete catalogue of where your codebase has accumulated debt — outdated dependencies, anti-patterns, missing tests, architectural shortcuts, and complexity hotspots.
Authentication gaps, exposed credentials, injection risks, dependency CVEs, and any patterns that would fail a standard security review — all identified and explained in plain language.
Where your application will break under load. N+1 queries, missing indexes, unoptimized jobs, caching gaps — with specific file and line references, not vague observations.
A ranked action plan: what to fix in the next 30 days, what to schedule for Q2, and what can wait. Sized in rough engineering effort so you can plan and budget.
How the application is organized, where the design breaks down, and what that means for future feature development. Are you building on a foundation that will hold?
A direct conversation with the senior engineer who reviewed your code. Walk through the findings, ask questions, challenge our conclusions. No account manager in between.
Pixeltree’s Risk Assessment Process
1. Gather info: Pixeltree meets with the client team to locate all the assets that need review.
2. Record findings: record our findings and create infrastructure diagrams if none exist, all in one place.
3. Full pen testing: a security expert attempts to find and exploit vulnerabilities to determine areas of weakness.
4. Create report: organize our findings in a detailed report with a summary of tech infrastructure, risks, and recommendations, and present it to stakeholders.
Frequently Asked Questions
- Our primary focus is Ruby on Rails, React, and Python. We can review TypeScript and Node.js applications as well. If you're unsure whether your stack fits, email us first and we'll tell you honestly.
- No. Read-only repository access is all we need. We don't require access to your production environment, databases, or any live systems.
- Large codebases take more time. For applications over ~150K lines, we'll scope accordingly and may quote a higher fixed fee. We'll tell you before we start.
- The Assessment is a standalone deliverable. You'll receive a full written report regardless of what comes next. If we think a follow-on engagement makes sense, we'll say so clearly — but there's no obligation, and plenty of clients use the report on their own or take it to another team.
- 50% upfront to begin, 50% on delivery of the written report. We invoice via email and accept wire transfer, EFT, or major credit cards.