Free Proof Asset

Legacy Code Risk Assessment

A free, structured framework to identify the highest-risk areas in your existing codebase in 30 minutes of self-assessment. Output: a prioritized list of where modernization effort produces the highest safety return. No sales follow-up unless you ask for it.
TL;DR
Six dimensions. Thirty minutes. Self-administered. Prioritized risk map at the end.

What it measures

The assessment scores your codebase across 6 dimensions, each weighted by impact on release safety:

  • Test coverage in active areas — not the average across the whole repo, but coverage where work is happening.
  • Cyclomatic complexity hotspots — functions and modules above safe complexity thresholds.
  • Change frequency vs coverage gap — files modified often but rarely tested.
  • Architectural coupling — modules with high fan-in/fan-out and no clear interfaces.
  • Documentation depth — business rules captured in code comments / docs vs in tribal knowledge.
  • Dependency staleness — outdated frameworks, EOL runtimes, unpatched libraries.

Who it’s for

  • CTOs starting a quarterly engineering review.
  • VP Engineering evaluating modernization investment ROI.
  • Engineering leaders preparing for an architectural decision.
  • Founders preparing for due diligence ahead of fundraising or acquisition.

What problems it detects

  • The "untouchable module" syndrome.
  • Hidden coupling that creates 6-hour bugs out of 5-minute tickets.
  • Coverage theater (high overall coverage with low coverage where it matters).
  • Dependency time bombs.
  • Knowledge concentration risk (one engineer holds 60%+ of business logic).

Example findings

Top 5 risks identified — HealthTech B2B SaaS

High
Billing engine: 8% test coverage, 47 changes in last 6 months
Critical revenue-generating code with high churn and almost no safety net. Recommend immediate characterization tests before any change.

High
Authentication module: cyclomatic complexity 28 in verify_session()
Above safe threshold. Authentication logic should never exceed 10. Suggest decomposition with feature flag.

Medium
Rails 5.2 EOL since June 2022 — unpatched for 18 months
Security risk. Upgrade path to 7.x available but blocked by 4 deprecated dependencies. Plan dedicated sprint.

Medium
Report generation: business logic distributed across 7 files, no spec
Reasoning for tax calculations exists only in one engineer’s head. Documentation + extraction recommended.

Low
Frontend test coverage 71% — acceptable for current change rate
Frontend coverage is healthy. Continue current practice. No action needed.

How to get it

Option 1 · Free download

Email me the framework (PDF)

The full assessment framework + scoring rubric. Self-administered in 30 minutes.

Option 2 · Have us do it

Pernix-administered (free for qualified)

For qualifying mid-market companies: 30-min call + 5-day read-only repo analysis + written risk report.

Other proof assets available

  • AI Engineering Discipline Scorecard — evaluate your team's readiness for AI-assisted delivery.
  • Spec-Driven Development Template — the actual template Pernix uses for engagement specs.
  • 14-Day Sprint Self-Assessment — is your project a good fit for a 14-day milestone?
  • CTO AI Vendor Evaluation Checklist — the 17-question framework from our checklist page.