Product sale: They want a code review, help!

We are selling our product, yay!   They want a code review, scary!

Has anybody been through this before? How do we do a code review without handing over the full BitBucket link?

Shall I ask in advance what they want to achieve and prepare samples accordingly?

Shall we just hand over the link and say “have at it”? But sign this NDA? How will we truly know the didn’t copy it?

What if they don’t like the code structure or commenting (or lack of)? And cancel the deal, but steal our code?

What if they ask for too many changes because they don’t like the code? We are bootstrapped and out of time and funds and can’t pay anyone else or ourselves








  • If you’re practically bankrupt it makes no sense to worry about getting screwed over. For a code review they don’t really need the entire codebase, you just talk about your code architecture with their engineers and show bits and pieces on request during a Webex meeting or in person. If the goal of the code review is to reassure the buyer that they’re not buying a complete POS then you can alleviate their concerns directly without handing everything over.

  • You don’t have to share entire code. Show them entire structure of your project once and let them choose some random code files of their choice for review.

    Simple I guess.

  • The real answer, having gone through this, is they’re looking for reasons to A) not buy you if it pops up or B) to smash down your valuation if this is a large enterprise buyer. B is always the most likely.

    They’re looking for:

    – Code smell

    – consistency of code

    – architecture

    – licensing

    – depdencies

    – documentation

    – key staff and knowledge

    – Spaghetti code

    – Documented process for making updates

    – etc etc etc.

    My suggestion is this….. If your code base is large, stop all feature sprints and solely focus on that. Seriously. 1 month of features can save you a few $Million in payments. Be ready for an arguement along these lines, and realize that their M&A team is trying to get a “win” in a lower valuation.

  • Unless there is some secret sauce algorithm, which is not usually the case:

    Let them access your code freely, but only on premise and under supervision. Anything they can memorize is probably not worth much. And like commenters above said, help them and walk them through it.

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

    You may also like